- Status Closed
-
Assigned To
hdegorce - Private
Opened by deathstorm - 29.04.2025
Last edited by hdegorce - 29.04.2025
FS#165 - Exposed Private SSH Key in Public GitHub Repository
Hello,
I discovered a private SSH key exposed in a public GitHub repository. This poses a significant security risk, as an attacker could potentially gain unauthorized access to servers or internal systems if the key is still active and not passphrase-protected.
OPEN SSH PRIVATE KEY….
—–BEGIN OPENSSH PRIVATE KEY—– b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC4LTWO3FUlXJLlxmPXy2enZnARnnqRgZ6+7lzNvwL7OwAAAJBn8JtCZ/Cb
QgAAAAtzc2gtZWQyNTUxOQAAACC4LTWO3FUlXJLlxmPXy2enZnARnnqRgZ6+7lzNvwL7Ow
AAAEC67kacvftsZrOeW19wnOUYHgxqwzb4YYdACf5+MV1tVLgtNY7cVSVckuXGY9fLZ6dm
cBGeepGBnr7uXM2/Avs7AAAABm5vbmFtZQECAwQFBgc=
—–END OPENSSH PRIVATE KEY—–
Also , I have added the location where i found
you can check their….
Location of the leak: https://github.com/Hitch95/MSPR_CLOE855/blob/7a8cecc557eba449c9788ecacdeb88bdd22a9587/README.md?plain=1#L45
Just paste this in browser and scroll down key starts from 150 line number you can check their
Impact:
An attacker can gain direct SSH access to critical systems
It can be used to bypass authentication and remain undetected..
29.04.2025 07:45
Reason for closing: Invalid
Additional comments about closing:
This private SSH key and this Github
projects belong to one of our clients.
Which is out of scope (we cannot do
anything if they leak their
credentials).
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task