OWASP WrongSecrets

Find the secret hidden in the WrongSecrets repository. This challenge focuses on Documentation.

💡 Look for: Configuration files, source code, environment variables, Docker files, or cloud infrastructure related to this challenge.

A user accidentally reveals the new AWS Secret key in conversation between him and his friend in a GitHub issue.

Can you spot the secret in our GitHub repository?

🔑 Enter the secret you found: 💡 Tip: Secrets are often strings, numbers, or encoded values. Copy and paste exactly what you find.

We are looking for the secret in a closed GitHub issue in our GitHub repository. But how do we find it?

You can solve this challenge by the following steps:

When you land on the issues tab of our GitHub, click on the Closed option to get all the closed issues up to this day
Go through all the issues that seem fishy for you and you can spot the Secret.

Why storing secrets in closed GitHub issue is a bad idea?

You should never reveal any secret in a GitHub issue because even when the issue is closed all data is public and is very easy to spot.

So go through the issue twice before posting it on any repository.