Challenge 43

Welcome to Challenge 43. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.

Reddit Blunder

People easily make mistakes. They can, for instance, share an "innocent" piece of data over social media which later turns out to be a secret. Or they can post something on the "wrong screen" and submit it. Additionally, some password managers will happily auto-fill or paste something on any page or screen.

Similarly, a developer in the OWASP community, who also happened to be an active redditor, left a secret on the platform 'by mistake'.

Can you find the secret?

Answer to solution:

This challenge can be solved as follows:

  1. Search for the keyword 'developer' in the r/owasp subreddit.

  2. The secret will be in plain sight in a comment on one of the posts found in step 1.

Why should we not share a secret on social media?

Sharing a secret from your application on social media is a really bad practice because it becomes publicly available for anyone to abuse if they learn about the context in which the secret is used.

Although the user or platform can often delete comments/posts, the secret almost always ends up in some database that could get leaked.

Never share any secrets, personal or work-related, on social media!