'Exposure of confidential secret or token SSH private key'
Description
The response body contains content that matches the pattern of an SSH private key was identified. Private SSH keys are used for authentication and symmetric key exchange. A malicious actor with access to this key can use it to impersonate an application or service.. Exposing this value could allow attackers to gain access to all resources granted by this token.
Remediation
For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on Credential exposure to the internet.
To generate a new ed25519 key (recommended) use the ssh-keygen tool:
console ssh-keygen -t ed25519
To generate a new ECDSA key, use the ssh-keygen tool:
console ssh-keygen -t ecdsa
To generate a new DSA key, use the ssh-keygen tool:
console ssh-keygen -t dsa
For more information, please see the ssh-keygen documentation.
Details
| ID | Aggregated | CWE | Type | Risk |
|---|---|---|---|---|
| 798.94 | false | 798 | Passive | High |