Credentials File

ID

credentials_file

Severity

high

Vendor

-

Family

Generic secret

Description

Some files are sensitive per se, and any leak of them should be reported. One example is a file known to contain clear-text credentials.

Security

This detector reports any credentials file as a potential secret. When leaked, such a file can give threat actors unintended access.

Examples

  • A 1Password Emergency Kit is a PDF file that was generated with the master secret key for the 1Password service.

  • A text file with multi-factor authentication (MFA) recovery codes. When leaked, it can be used to skip MFA.

Mitigation / Fix

  1. Follow your policy for handling leaked secrets, which typically requires revoking or renewing the secret in the target system(s).

  2. Remove the credentials file from the source code or committed configuration file. Edit ignore files (like .gitignore) to exclude the file from version control, or .dockerignore for excluding credential files from container images.

  3. Check access logs to ensure that the secret was not used by unintended actors during the compromised period.

You should consider any credential in leaked files as compromised.

Remember that secrets may be removed from history in your projects, but not in other users' cloned or forked repositories. Never skip credential renewal!
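To verify step 2 and see why removal alone is not enough, the following added example (not part of this detector or its vendor's tooling) checks whether a credentials file is still tracked, whether the ignore rules cover it, and how many commits on any ref still carry it. The function name `audit_credentials_file` and the file name in the usage comment are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit one credentials file in a git repository.
# Usage: ./audit.sh <repo-dir> <path-relative-to-repo>
#   e.g. ./audit.sh . mfa-recovery-codes.txt   (constructed file name)

audit_credentials_file() {
    local repo="$1" path="$2" tracked=no ignored=no commits

    # Still in the index? Then it ships with the next commit and every clone.
    if git -C "$repo" ls-files --error-unmatch -- "$path" >/dev/null 2>&1; then
        tracked=yes
    fi

    # Covered by ignore rules? --no-index evaluates the rules even while
    # the file is still tracked, so a missing .gitignore entry is visible.
    if git -C "$repo" check-ignore -q --no-index -- "$path"; then
        ignored=yes
    fi

    # Commits on any branch or tag that touched the path. A non-zero count
    # means the content is still retrievable from history and from clones.
    commits=$(git -C "$repo" log --all --oneline -- "$path" 2>/dev/null \
        | wc -l | tr -d ' ')

    printf 'tracked=%s\nignored=%s\nhistory_commits=%s\n' \
        "$tracked" "$ignored" "$commits"

    # Success only when the file is untracked, ignored and absent from history.
    [ "$tracked" = no ] && [ "$ignored" = yes ] && [ "$commits" -eq 0 ]
}

# Run the audit when the script is called with its two arguments.
if [ "$#" -ge 2 ]; then
    audit_credentials_file "$1" "$2"
fi
```

A non-zero `history_commits` after the file has been untracked and ignored means the credentials must still be renewed, since the content remains in every existing clone and fork.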

Reference

  • https://