Challenge 35

Welcome to Challenge 35.

Reporting on Vulnerabilities

A security researcher found a Google API key and together with the project leader @commjoen made a GitHub security advisory. The only thing @commjoen did wrong was publish the API key as part of the advisory. Can you spot the key?

💡 Tip: Secrets are often strings, numbers, or encoded values. Copy and paste exactly what you find.

Why we need to be careful with vulnerability reports

When you report a vulnerability or publish a security advisory, always be careful about the information you include. The exact values of hardcoded secrets you found, especially those that are harder to rotate, should not appear in your security report or in the publication.
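One way to apply this before publishing is to run the draft advisory through a redaction check. The sketch below is an added example, not part of the original challenge or the project's code. It assumes the widely documented Google API key shape (`AIza` followed by 35 URL-safe characters); the function names, the sample draft, the sample key and the fingerprint convention are all constructed for illustration.

```python
from __future__ import annotations

import hashlib
import re

# Google API keys are 39 characters: "AIza" plus 35 URL-safe characters.
GOOGLE_API_KEY = re.compile(r"AIza[0-9A-Za-z_\-]{35}")


def fingerprint(secret: str) -> str:
    """Truncated SHA-256 of the secret. The key owner can hash their own
    keys to confirm which one leaked; the report never carries the key."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]


def redact_advisory(text: str) -> tuple[str, list[str]]:
    """Return (redacted_text, fingerprints) for a draft advisory."""
    found: list[str] = []

    def _replace(match: re.Match) -> str:
        fp = fingerprint(match.group(0))
        found.append(fp)
        return f"[REDACTED Google API key, sha256:{fp}]"

    return GOOGLE_API_KEY.sub(_replace, text), found


# Constructed sample input: the key below is not a real credential.
SAMPLE_KEY = "AIza" + "EXAMPLE" * 5
DRAFT = (
    "Summary: a hardcoded Google API key was found in the client config.\n"
    f"Details: the value {SAMPLE_KEY} is embedded in the build.\n"
    "Remediation: rotate the key and load it from a secrets manager.\n"
)

if __name__ == "__main__":
    redacted, fingerprints = redact_advisory(DRAFT)
    print(redacted)
    if fingerprints:
        print(f"{len(fingerprints)} secret(s) redacted before publication.")
```

A non-empty fingerprint list is a signal to stop and review the draft: share the real value with the maintainers only through a private channel, and publish the redacted text.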