nalbion / WebGoat

WebGoat is a deliberately insecure application
https://owasp.org/www-project-webgoat/

Secrets Dashboard #1

Open nalbion-nullify[bot] opened 4 months ago

nalbion-nullify[bot] commented 4 months ago

36 potential secrets found in repository

🔑 Private Key: 3
🔒 Generic API Key: 9
☁️ Cloud API Key: 1
💬 Slack token: 0
Misc.: 23

ID: 01HX8963NQ8JCM6V66KH88XDDV Generic API Key
First Commit Time: 2014-08-24T17:25:41Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/webapp/js/ace/worker-xquery.js#L1

ID: 01HX8963NQ8JCM6V66GGWVA8P3 Generic API Key
First Commit Time: 2014-09-15T14:40:51Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/DOMInjection.java#L63

ID: 01HX8963NQ8JCM6V66GJH54V76 HashiCorp Terraform password field
First Commit Time: 2014-09-15T14:40:51Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java#L84

ID: 01HX8963NQ8JCM6V66GR5VZ412 HashiCorp Terraform password field
First Commit Time: 2014-09-15T14:40:51Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/InsecureLogin.java#L30

ID: 01HX8963NQ8JCM6V66G4C171K3 HashiCorp Terraform password field
First Commit Time: 2015-09-16T02:24:11Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-container/src/main/java/org/owasp/webgoat/session/ECSFactory.java#L70

ID: 01HX8963NQ8JCM6V66G8BWZFKT HashiCorp Terraform password field
First Commit Time: 2015-09-16T02:24:11Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java#L27

ID: 01HX8963NQ8JCM6V66FW4BCKG0 AWS
First Commit Time: 2016-11-19T14:29:05Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/.travis.yml#L20

ID: 01HX8963NQ8JCM6V66FV23BW1D JSON Web Token
First Commit Time: 2017-05-03T00:47:04Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge5/VotesEndpointTest.java#L128

ID: 01HX8963NQ8JCM6V66FVDMZDQN JSON Web Token
First Commit Time: 2017-05-03T00:47:04Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge5/VotesEndpointTest.java#L136

ID: 01HX8963NQ8JCM6V66FVH6ZAGN JSON Web Token
First Commit Time: 2017-05-03T00:47:04Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge5/VotesEndpointTest.java#L144

ID: 01HX8963NQ8JCM6V66FS1CQTT0 JSON Web Token
First Commit Time: 2017-05-03T00:47:04Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge5/VotesEndpointTest.java#L81

ID: 01HX8963NQ8JCM6V66FQBCCB4D HashiCorp Terraform password field
First Commit Time: 2017-05-03T12:33:58Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java#L15

ID: 01HX8963NQ8JCM6V66FMHM120B JSON Web Token
First Commit Time: 2018-04-23T09:09:30Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_weak_keys#L12

ID: 01HX8963NQ8JCM6V66FERP1MBH Generic API Key
First Commit Time: 2018-05-21T10:41:37Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/refresh/RefreshEndpoint.java#L6

ID: 01HX8963NQ8JCM6V66FMAAH017 Generic API Key
First Commit Time: 2018-05-21T10:41:37Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/resources/images/logs.txt#L2

ID: 01HX8963NQ8JCM6V66FDGRY54C JSON Web Token
First Commit Time: 2018-05-21T10:41:37Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/refresh/RefreshEndpoint.java#L5

ID: 01HX8963NQ8JCM6V66F4FM3Q7S Generic API Key
First Commit Time: 2018-05-22T15:06:03Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js#L10

ID: 01HX8963NQ8JCM6V66EVTKPNA2 JSON Web Token
First Commit Time: 2018-06-08T17:31:32Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_weak_keys#L12

ID: 01HX8963NQ8JCM6V66EGWW1CRR Private Key
First Commit Time: 2019-11-23T20:52:14Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/CryptoUtil.java#L44

ID: 01HX8963NQ8JCM6V66DWC95415 Generic API Key
First Commit Time: 2021-09-23T12:04:53Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java#L80

ID: 01HX8963NQ8JCM6V66DE2JX9R6 HashiCorp Terraform password field
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java#L65

ID: 01HX8963NQ8JCM6V66DFYMHAXV HashiCorp Terraform password field
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java#L66

ID: 01HX8963NQ8JCM6V66DJ4TMD2E JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java#L23

ID: 01HX8963NQ8JCM6V66DQZFA5ZX JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java#L113

ID: 01HX8963NQ8JCM6V66DN29V0WJ JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java#L74

ID: 01HX8963NQ8JCM6V66DSPMFRTK JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java#L30

ID: 01HX8963NQ8JCM6V66DSQMDX2A JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java#L44

ID: 01HX8963NQ8JCM6V66DVN9PCPS JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java#L55

ID: 01HX8963NQ8JCM6V66DBA0CQAE Private Key
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java#L133

ID: 01HX8963NQ8JCM6V66D8FX6X3G Private Key
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java#L45

ID: 01HX8963NQ8JCM6V66D6D3W84B Generic API Key
First Commit Time: 2023-02-22T21:55:48Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java#L34

ID: 01HX8963NQ8JCM6V66CY7D4NJ2 JSON Web Token
First Commit Time: 2023-11-14T09:01:59Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/resources/lessons/jwt/html/JWT.html#L322

ID: 01HX8963NQ8JCM6V66CYQVMJR7 JSON Web Token
First Commit Time: 2023-11-14T09:01:59Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/resources/lessons/jwt/html/JWT.html#L388

ID: 01HX8963NQ8JCM6V66CXP8N9B6 JSON Web Token
First Commit Time: 2023-11-14T17:14:48Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/robot/goat.robot#L111

ID: 01HX8963NQ8JCM6V66CXH1GS0X Generic API Key
First Commit Time: 2023-12-06T15:10:19Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js#L7

ID: 01HX8963NQ8JCM6V66CVR70MDX Generic API Key
First Commit Time: 2023-12-06T15:10:19Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/resources/webgoat/static/js/libs/jquery-ui.min.js#L13

Reply with /nullify to interact with me like another developer

If you'd like me to allowlist a secret, you can do so by commenting on this issue with an allowlist reason and I'll open a pull request to update the Nullify config file

For example, /nullify allowlist <secret-value> as it has been rotated

nalbion commented 4 months ago

/nullify create a PR to fix the SQL vulnerabilities

nalbion commented 4 months ago

/nullify create a PR to fix the SQL vulnerabilities