
Information Disclosure: Private key exposure via helper detector

Identifier: private_key_exposure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Private key exposure via helper endpoints can reveal sensitive cryptographic keys that should not be publicly accessible, potentially allowing attackers to decrypt data or impersonate services.

How we test: We query helper endpoints on node_modules and analyze the responses to detect whether private keys or other sensitive cryptographic material are exposed.
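
The response-analysis step described above can be sketched as follows. This is an added example, not the scanner's own implementation: the function name find_private_keys, the 32-byte minimum and the sample bodies are assumptions made for illustration, and the key material is constructed filler rather than a real key.

```python
import base64
import re

# PEM armor for private keys: PKCS#1 (RSA), SEC1 (EC), DSA, OpenSSH, PKCS#8 plain/encrypted.
PEM_PRIVATE_KEY = re.compile(
    r"-----BEGIN ((?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY)-----"
    r"(.*?)"
    r"-----END \1-----",
    re.DOTALL,
)

# Constructed samples: the payload is base64 of 48 counter bytes, not a real key.
_FAKE_B64 = base64.b64encode(bytes(range(48))).decode()
SAMPLE_LEAK = f"-----BEGIN RSA PRIVATE KEY-----\n{_FAKE_B64}\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_JSON = '{"key": "' + SAMPLE_LEAK.replace("\n", "\\n") + '"}'
SAMPLE_DOCS = "Paste your key between -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----"


def find_private_keys(body: str) -> list[dict]:
    """Return one finding per PEM private-key block whose payload decodes as base64."""
    # JSON-encoded responses carry newlines as the two characters '\' and 'n'.
    text = body.replace("\\r", "").replace("\\n", "\n")
    findings = []
    for match in PEM_PRIVATE_KEY.finditer(text):
        label, payload = match.group(1), match.group(2)
        # Drop RFC 1421 header lines (Proc-Type, DEK-Info) used by legacy encrypted keys.
        lines = [ln.strip() for ln in payload.splitlines() if ln.strip() and ":" not in ln]
        try:
            der = base64.b64decode("".join(lines), validate=True)
        except ValueError:
            continue  # armor present but payload is not base64: docs text or a placeholder
        if len(der) < 32:
            continue  # too short to be key material (assumed threshold)
        findings.append({
            "label": label,
            "encrypted": label.startswith("ENCRYPTED") or "Proc-Type:" in payload,
            "der_bytes": len(der),
        })
    return findings
```

Requiring the payload between the markers to decode as base64 keeps documentation pages that merely mention the PEM markers from being reported as exposures.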

Configuration

Example

Example configuration:

---
security_tests:
  private_key_exposure:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.