Use of Hard-coded Credentials in cythron/gcp
Valid
Reported on
May 18th 2021
✍️ Description
Hard-Coded User Credentials are exposed in the docker file.
🕵️♂️ Proof of Concept
https://github.com/cythron/gcp/blob/master/%23Dockerfile#L20
💥 Impact
Attacker is capable of login using given credentials.
Occurrences
to join this conversation