Credential with high entropy

ID

generic_credential

Severity

low

Vendor

-

Family

Generic secret

Description

A potential credential with high entropy was detected. Because this detector looks for generic secrets rather than a specific vendor format, it may flag false positives.

Security

Any value reported by this detector is a potential secret. Because the target of the secret is not known, the detector cannot assess the impact of a leak.

Examples

skyscanner_api_secret: YXNkZmZmZmZm_HARDcoded
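
A sketch of how a high-entropy check of this kind can work, added here as an illustration and not the detector's own implementation. The key-name hints, the minimum length and the 3.0 bits-per-character threshold are assumptions, and the URL line in the sample shows the kind of false positive the description mentions.

```python
import math
import re
from collections import Counter

# Assumed tuning values for this sketch, not the detector's real settings.
MIN_LENGTH = 12
ENTROPY_THRESHOLD = 3.0  # Shannon entropy, bits per character

# Hypothetical key-name hints that make a value worth measuring.
KEY_HINT = re.compile(r"secret|token|passw(or)?d|api_?key|credential", re.I)
# Matches "key: value" or "key = value", with optional quotes.
ASSIGNMENT = re.compile(r"""^\s*([\w.-]+)\s*[:=]\s*["']?([^\s"'#]+)""")


def shannon_entropy(value):
    """Return the Shannon entropy of the string in bits per character."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def scan(lines):
    """Return (line number, key, entropy) for each suspicious assignment."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        match = ASSIGNMENT.match(line)
        if not match:
            continue
        key, value = match.groups()
        if not KEY_HINT.search(key) or len(value) < MIN_LENGTH:
            continue
        entropy = shannon_entropy(value)
        if entropy >= ENTROPY_THRESHOLD:
            findings.append((lineno, key, round(entropy, 2)))
    return findings


# Line 1 is the example from this page; the other lines are constructed.
SAMPLE = [
    "skyscanner_api_secret: YXNkZmZmZmZm_HARDcoded",
    "api_key: xxxxxxxxxxxxxxxxxxxx",  # placeholder, entropy 0
    "token_endpoint: https://auth.example.com/oauth2/token",  # not a secret
    "log_level: debug",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The page's example and the token endpoint URL are both reported; only review of the finding can tell which one is a real secret.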

Mitigation / Fix

  1. If the reported item is a secret, remove it from the source code or committed configuration file.

  2. Follow your policy for handling leaked secrets, which typically requires revoking the secret in the target system(s).

  3. Check access logs to ensure that the secret was not used by unintended actors during the compromised period.