|
|
|
|
|
|
by omra
4918 days ago
|
|
|
I have no problem with old issues or vulnerabilities being posted, of course, especially when they are very widespread such as in this case. Note that not all of those results are necessarily vulnerable, for example, https://github.com/hotsh/rstat.us/blob/master/config/initial... loads the secret key from the environment, and https://github.com/GreenplumChorus/chorus/blob/master/config... loads it from an ignored file (like the article). I would estimate the real number of projects to be somewhere less than 3000, with about 1400 being on Github. This also assumes that these are all actually production keys. Just to reiterate, I do believe that this is a legitimate problem even now, but I just wanted to note the age of the article and to refute the claim that this is the first mention of the issue. |
|
|