all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Sourcegraph Administrator Access compromised by Credentials in Publicly Available Code

Add to bookmarks
Sept. 11, 2023, 5:01 a.m. | Ars Technica

The RISKS Digest catless.ncl.ac.uk 

ArsTechnica reports that a recent security breach at Sourcegraph was
facilitated by credentials embedded in publicly-available source code.

Credentials visible in source or executable code is an obviously bad
practice. Besides the fact that it is obviously dangerous, it has been on
the OWASP list for many years.

The tragedy is that this class of security breach is completely
preventable. There is no reason for putting credentials in source or
executable code.

The ArsTechnica article can be found at:

https://arstechnica.com/security/2023/09/pii-leaked-after-sourcegraph-an-ai-driv …

access bad breach code compromised credentials embedded fact list owasp practice reports security security breach source code sourcegraph visible

Visit resource

More from catless.ncl.ac.uk / The RISKS Digest

iPhone Apps Secretly Harvest Data When They Send Notifications 3 months, 1 week ago | catless.ncl.ac.uk
acm app app development apple +20
Authorities investigating massive security breach at Global Affairs Canada 3 months, 1 week ago | catless.ncl.ac.uk
breach canada canadian cbc +19
Bugs in our pockets: the risks of client-side scanning 3 months, 1 week ago | catless.ncl.ac.uk
bugs businesses client client-side +20
Tesla Hacked at Pwn2Own Automotive 2024 3 months, 1 week ago | catless.ncl.ac.uk
automotive awards bleepingcomputer bug +21
The Great Freight-Train Heists of the 21st Century 3 months, 1 week ago | catless.ncl.ac.uk
access amazon breaking can +13
Offshore Wind Farms Vulnerable to Cyberattacks 3 months, 1 week ago | catless.ncl.ac.uk
acm blackouts canada concordia +21
EFI IPv6/PXE Security Flaw 3 months, 3 weeks ago | catless.ncl.ac.uk
code console critical enable +19
Imaging privacy threats from an ambient light sensor 3 months, 3 weeks ago | catless.ncl.ac.uk
Re: CLEAR wants to scan your face at airports. Privacy experts are worried. 3 months, 3 weeks ago | catless.ncl.ac.uk
airports case clear down +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Cyber Security Analyst

@ Dane Street | Palm Beach Gardens, Florida, United States
View on infosec-jobs.com

Program Information System Security Manager (ISSM) - onsite Tucson, AZ - TOP SECRET required

@ RTX | AZ855: RMS AP Bldg M05 1151 East Hermans Road Building M05, Tucson, AZ, 85756 USA
View on infosec-jobs.com

Lead - Business System Service (Workday HR Functional Consultant)

@ Freshworks | Bengaluru, India
View on infosec-jobs.com

Cloud Security Engineer

@ ButterflyMX | United States - Remote
View on infosec-jobs.com

Compliance Specialist

@ Airtable | Austin, Texas or San Francisco, California
View on infosec-jobs.com

Cyber SCRM Cloud Assessor Lead

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs