Challenge 37 ☆☆
Welcome to challenge Challenge 37.
Find the secret hidden in the WrongSecrets repository. This challenge focuses on CI/CD.
💡 Look for: Configuration files, source code, environment variables, Docker files, or cloud infrastructure related to this challenge.
Given all the daft findings we already have in this project, we decided to implement automated scanning using ZAP. To do that, we need to be able to fuzz the endpoint of this challenge: /authenticated/challenge37
and thus configure basic auth for ZAP. Can you find the secret returned at the endpoint?
Hint: We use GitHub actions.