Fix/login session by key pairs #3417
🤖 AI Security analysis: "High-severity secret: hardcoded RSA private key(s) found in libs/utils RSAKeyPairUtils.java, exposing cryptographic credentials that enable impersonation or decryption. Remediate immediately."
| Risk Level | AI Score | 
|---|---|
| 🔴 CRITICAL | 92.0/100 | 
Top 2 security issues / 2 total (Critical: 0, High: 2, Medium: 0, Low: 0)
🤖 AI Security analysis: "High-severity secret found: a private key is committed in libs/utils/src/main/java/com/akto/utils/RSAKeyPairUtils.java. This risks credential leakage and potential full-system compromise if exploited. Remove and rotate the key immediately and prevent recurrence with secret management and automated scanning."
| Risk Level | AI Score | 
|---|---|
| 🔴 CRITICAL | 88.0/100 | 
Top 1 security issues / 1 total (Critical: 0, High: 1, Medium: 0, Low: 0)
| Title | Location | Recommendation | 
|---|---|---|
| | libs/utils/src/main/java/com/akto/utils/RSAKeyPairUtils.java:18 | private-key has detected secret for file libs/utils/src/main/java/com/akto/utils/RSAKeyPa… |
5c19104 to 20d3769
🤖 AI Security analysis: "A high-severity secret was committed: a private RSA key in the codebase, risking key compromise and unauthorized access. Remove and rotate the key and add automated scanning to prevent recurrence."
| Risk Level | AI Score | 
|---|---|
| 🔴 CRITICAL | 90.0/100 | 
Top 1 security issues / 1 total (Critical: 0, High: 1, Medium: 0, Low: 0)
| Title | Location | Recommendation | 
|---|---|---|
| | libs/utils/src/main/java/com/akto/utils/RSAKeyPairUtils.java:18 | private-key has detected secret for file libs/utils/src/main/java/com/akto/utils/RSAKeyPa… |
🤖 AI Security analysis: "Two high-severity private keys are committed in the codebase, exposing credentials that could enable unauthorized access or compromise. Immediate remediation is required to prevent misuse and credential replay."
| Risk Level | AI Score | 
|---|---|
| 🔴 CRITICAL | 90.0/100 | 
Top 2 security issues / 2 total (Critical: 0, High: 2, Medium: 0, Low: 0)
🤖 AI Security analysis: "Private cryptographic keys are embedded in source files (high severity), risking credential theft and full system compromise if the repository is exposed. Remove and rotate the keys and adopt proper secret management."
| Risk Level | AI Score | 
|---|---|
| 🔴 CRITICAL | 90.0/100 | 
Top 2 security issues / 2 total (Critical: 0, High: 2, Medium: 0, Low: 0)
🤖 AI Security analysis: "Two high-severity hardcoded private keys were found in source files, risking credential leakage that could enable impersonation, decryption, or infrastructure access. Immediate remediation is required to remove keys and prevent further exposure."
| Risk Level | AI Score | 
|---|---|
| 🔴 CRITICAL | 90.0/100 | 
Top 2 security issues / 2 total (Critical: 0, High: 2, Medium: 0, Low: 0)
No description provided.