Stunning display of silly secret credentials found in the GitHub repository
- Authors

- Name
- aimode.news
- @aimode_news
Brian Krebs, a security researcher, has brought us news: a large number of plaintext passwords, SSH private keys, tokens and other sensitive CISA assets were stored in a GitHub repository.
GitGuardian’s Guillaume Valadon drew Krebs’ attention to a public repository, now offline (with the somewhat interesting name “Private-CISA”), after GitGuardian’s public code scanning alerted him to its existence. Krebs states that Valadon contacted the owner of the Private-CISA repository after not receiving a reply.
In an e-mail to Krebs, Valadon claims that the repository's commit log indicates that GitHub's default protection against committing secrets (intended to protect uninformed or unskilled developers from such foolish behaviour) had been disabled by the repository administrator.
The Seralys founder, Philippe Caturegli, has verified that this is not a joke or a scam, and that more than one of the credentials in the Private-CISA repository gave him access "with high permission" to an Amazon Web Services GovCloud account.
Krebs stated that the repository appeared to be managed by the CISA contractor Nightwing, based in Virginia. Nightwing has not commented publicly to date, but has referred the matter back to CISA.
It's not the first time that CISA has screwed up; in fact, it's not even the first time this year. In January, Madhu Gottumukkala, the acting director with the failed polygraph, requested and obtained an exemption from the ban on the use of ChatGPT by CISA personnel. Once he was exempted from institutional policy, sensitive government documents were uploaded to ChatGPT. Gottumukkala was dismissed in February.
