'Exposure of confidential secret or token EasyPost production API key'
Description
The response body contains content that matches the pattern of an EasyPost production API key was identified. Production API keys are used for live application operations and allow full account access. A malicious actor with access to this token can execute all API calls for the target environment. Exposing this value could allow attackers to gain access to all resources granted by this token.
Remediation
For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet.
To revoke the identified API token:
- Sign in to your account and go to the settings page https://www.easypost.com/account/settings
- Under the "Production API Keys", select the "Status" checkbox to disable the key
- In the "Are you sure you want to disable this key?" dialog, select "Disable"
- In the "Status" checkbox area, select the trash can icon to delete the key
For information on revoking and handling API Key Management, please see their documentation.
Details
| ID | Aggregated | CWE | Type | Risk |
|---|---|---|---|---|
| 798.36 | false | 798 | Passive | High |