Thousands of images on Docker Hub leak auth secrets, private keys - eviltoast
  • moon_matter@kbin.social
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Is this even a legitimate problem? Lots of people, myself included, have a “local” configuration. All of the services and credentials mentioned in the config are running on my personal machine for testing only during active development. None of those credentials refer to any sort of “real” service that’s on 24/7 and accessible via the internet. It’s effectively dummy data to the rest of the world and I imagine there are a ton of false positives like what I just described.