Ars Technica

Technology

Developers can’t seem to stop exposing credentials in publicly accessible code

Summary
Nutrition label

76% Informative

Researchers found 4,000 unique secrets stashed inside 450,000 Python projects.

Nearly 3,000 projects in PyPI, the official code repository for the Python programming language, contained at least one unique secret.

The credentials exposed provided access to a range of resources, including Microsoft Active Directory and OAuth servers.

VR Score: 73
Informative language: 71
Neutral language: 42
Article tone: formal
Language: English
Language complexity: 62
Offensive language: not offensive
Hate speech: not hateful
Attention-grabbing headline: not detected
Known propaganda techniques: not detected
Time-value: long-living
Affiliate links: no affiliate links