Replies: 2 comments 5 replies
-
|
thanks for the suggestion. just to clarify, this isn't a secret (password) that was left exposed unintentionally, but rather a misconfiguration that indicates a bad practice, correct? just want to properly classify the request |
Beta Was this translation helpful? Give feedback.
-
|
It could be unintentional (accidental from the developer) or intentional (bad practice) or malicious. |
Beta Was this translation helpful? Give feedback.
-
|
Same request? |
Beta Was this translation helpful? Give feedback.
-
|
No I don't think this is the same as a weak password specifically for SSH. It's more broad than that. |
Beta Was this translation helpful? Give feedback.
-
|
It's not limited to SSH. The PR tries to scan |
Beta Was this translation helpful? Give feedback.
-
|
But will it detect |
Beta Was this translation helpful? Give feedback.
-
|
I'm not sure if weak passwords include an empty one or not. |
Beta Was this translation helpful? Give feedback.
-
Description
If a Docker image has either of the following in its /etc/shadow file then it can mean that there is either a hard coded password or an empty account password.
or
root:$y$j9T$MfMQyyvhU0VftFUhpmkUS/$pPrE9qJcAx6Ac6hL5ovoMZRXoleaaex.jSZBs3iy3.1:19775:0:99999:7:::Or if it is not the following:
Such an instance should be found as part of Trivy's image scanning with the secrets scanner enabled.
Target
Container Image
Scanner
Secret
Beta Was this translation helpful? Give feedback.
All reactions