Mailgun secrets found in logs

firetail:insight-mailgun-secrets-in-logs

Type:

Detection

Rule Severity:

Info

Tokens that match the format for Mailgun secret keys were found in the logs of the affected API.

Mailgun secrets refer to API keys or credentials used for authenticating requests to Mailgun's email service. These keys grant access to Mailgun's API and services, and they should be kept confidential to prevent unauthorized access to your email functionality and data.

Remediation

Mailgun secret keys should not be transmitted over the network. Review the logs in question and verify that the transmission of secrets is happening in accordance with your security policies.

Example Attack Scenario

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings
AppSync GraphQL API resolver count limit not set
Field duplication
Undefined string limit
XSS attempt found in logs
Majority response status codes 1XX
Average response header size reduced