Any update on this?

On Sun 17 Nov, 2019, 5:49 PM kunal mhaske, <kunalmhaske...@gmail.com> wrote:
> Title: Leaking sensitive information on GitHub (Database connection
> and username, password)
>
> Vulnerability Name: Information Leak - GitHub
>
> Target: https://www.redhat.com/
>
> Summary:
> Accidental leakage of secret keys in such code repositories is a real
> problem. I decided to dig deeper than the previous report, and by looking
> at some random profiles on GitHub and doing some dirty work I was
> able to access the developer’s company’s internal chats and files
> on Slack. And not only that, there’s no easy way to see if someone is
> eavesdropping on the communication. In the worst case scenario, these
> chats can leak production database credentials, source code, files
> with passwords and highly sensitive information.
>
> Description:
> After some research, I found a leak on GitHub that might lead to
> accessing sensitive data of employees or clients (not sure based on
> the code). I have not confirmed what kind of data is in there to
> avoid potential legal issues. I will let you guys figure that out.
>
> I am not sure who is the owner of the repository, but I can tell you
> that the SAP credentials are for someone at Apple.
>
> 1. On the following link you can see the user's information link (see
> screenshots 1 & 2):
>
> https://github.com/search?p=3&q=%22leaseweb%22language%3Abash+password&type=Code
>
> 2. I have checked the user profile on LinkedIn (for proof see the "Proof"
> image): https://de.linkedin.com/in/sebastian-hetze-3609b228
>
> 3. Sebastian Hetze is Senior Solution Architect at Red Hat
>
>
> Step:
>
> 1. Search the "Red Hat" password on GitHub.
>
> 2. Select sort: recently indexed.
>
> 3. Then click on the code and see the database connection.
>
> 4. Then you can see there are many users.
>
> 5. Then you see there is some user's secret displayed.
>
> Impact
> High potential of unauthorized access to PII data.
>