Challenge 35

Welcome to challenge 35. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.

Reporting on Vulnerabilities

A security researcher found a Google API key and together with the project leader @commjoen made a GitHub security advisory. The only thing @commjoen did wrong was publish the API key as part of the advisory. Can you spot the key?

Answer to solution :

Why we need to be careful with vulnerability reports

When you report a vulnerability or publish a security advisory, always be careful with the information you spread with them. Exact values of found hardcoded secrets, especially those harder to rotate, should not be put into your security report and/or the publication.