Skip to content

Instantly share code, notes, and snippets.

@xacrimon
Created October 10, 2023 18:55
Show Gist options
  • Save xacrimon/c821c9b303e89e7dd655b457ea6ff7ac to your computer and use it in GitHub Desktop.
Save xacrimon/c821c9b303e89e7dd655b457ea6ff7ac to your computer and use it in GitHub Desktop.

Greetings developers, I am Devanshu kabra , and i am a freelancer bug bounty hunter here is my hacker one id :-dev09rdx. And while working on your program i encounter some hash key are available on your url that are open for all(without login). This might be not a severe issue or a bug but its rather prefer to hide these hash key.Some hash key that are visible are:- 1.MD5sum (Message Digest 5) is a 128-bit hash function. It was developed in the early 1990s, and it was widely used for many years. However, MD5sum is now considered to be insecure, and it should not be used for new applications. 2.SHA-1 (Secure Hash Algorithm 1) is a 160-bit hash function. It was developed in the mid-1990s, and it is still widely used today. However, SHA-1 is also starting to be considered insecure, and it is recommended to use SHA-256 or SHA-512 instead for new applications. 4.SHA-256 is a 256-bit hash function. It was developed in the early 2000s, and it is now the most widely used hash function. SHA-256 is considered to be secure, and it is recommended for use in all new applications. 5.SHA-512 is a 512-bit hash function. It was developed at the same time as SHA-256, and it is also considered to be secure. SHA-512 is not as widely used as SHA-256, but it is recommended for use in applications where the highest level of security is required. 6.GPG key:- also known as GNU Privacy Guard key, is a pair of cryptographic keys that can be used to encrypt and sign messages. It consists of a public key and a private key. The public key can be shared with anyone, but the private key must be kept secret. 7.PGP key:- is a pair of cryptographic keys that can be used to encrypt and sign messages. It consists of a public key and a private key. The public key can be shared with anyone, but the private key must be kept secret. For support my issue I added some screenshots below, please review. URL that contains this data are:- https://deb.releases.teleport.dev/teleport-pubkey.asc https://apt.releases.teleport.dev/ubuntu/dists/jammy/stable/v12/binary-amd64/Packages https://apt.releases.teleport.dev/ubuntu/dists/jammy/stable/cloud/binary-amd64/Packages https://yum.releases.teleport.dev/gpg

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment