Exposed credentials (e.g., access tokens, API keys) can lead to the compromise of the entire service.
- GitHub access token exposure
  - HackerOne report, Github access token exposure
- Exposed Kubernetes API Endpoint without authorization
  - HackerOne report, Exposed Kubernetes API - RCE/Exposed Creds
- Username and password exposed on GitHub
  - HackerOne report, Leaked JFrog Artifactory username and password exposed on GitHub
- Database queries exposure
  - SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax near 'SELECT * FROM users WHERE id=1\'' at line 1
- Exposing sensitive information through stack traces
  - requests.exceptions.ConnectionError: HTTPConnectionPool(host='invalid_host', port=8080): Max retries exceeded with url: /data?apikey=secret_hardcoded_key&keyword=test (Caused by NameResolutionError("<urllib3.connection.HTTPConnection object at 0x100000000>: Failed to resolve 'invalid_host' ([Errno 8] nodename nor servname provided, or not known)"))
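One way to keep errors like the last two out of logs and responses, as an added example that is not part of the original page: a logging filter scrubs secret-bearing query parameters from messages and tracebacks, and the client receives only a generic body with an incident id. The parameter list and the names `redact`, `RedactingFilter` and `handle_failure` are assumptions made for illustration.

```python
import logging
import re
import uuid

# Assumed names of sensitive query parameters; extend for your service.
SENSITIVE_PARAMS = ("apikey", "api_key", "token", "access_token", "password")

_PARAM_RE = re.compile(
    r"([?&](?:" + "|".join(SENSITIVE_PARAMS) + r")=)[^&\s#'\")]+",
    re.IGNORECASE,
)

# Constructed sample: the error text from the page, shortened.
SAMPLE_ERROR = (
    "HTTPConnectionPool(host='invalid_host', port=8080): Max retries exceeded "
    "with url: /data?apikey=secret_hardcoded_key&keyword=test"
)


def redact(text: str) -> str:
    """Replace the value of each sensitive query parameter with a marker."""
    return _PARAM_RE.sub(r"\1[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Scrub the rendered message and traceback before the record is emitted."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = redact(record.getMessage()), None
        if record.exc_info:
            # Render the traceback now so only the scrubbed text is emitted.
            formatted = logging.Formatter().formatException(record.exc_info)
            record.exc_text, record.exc_info = redact(formatted), None
        return True


def handle_failure(exc: Exception, log: logging.Logger) -> dict:
    """Log detail server-side; give the client a generic body and an id."""
    incident_id = uuid.uuid4().hex
    log.error("incident %s: %s", incident_id, exc, exc_info=exc)
    return {"error": "Upstream request failed", "incident_id": incident_id}
```

Attach the filter to every handler that writes to disk or ships logs off the host, since a filter on one handler does not protect the others.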