Default Password in general & Helm Chart Default Password #204

Open
opened 2025-12-29 05:24:36 +01:00 by adam · 0 comments
Owner

Originally created by @sickcodes on GitHub (Jun 16, 2021).

For the auto container, the username and password is alpine.

In the next few weeks I'll add some of the massively optimized processes I've added to local containers that make Docker-OSX run extremely fast: animations, backgrounds, default services, spotlight, updates etc.

How should we address the default container username and passwords in the Kubernetes Helm chart?

Also, this email came from a Gmail address, so I don't think it's the real Samsung Security Team, but thanks to whoever sent the email anyway!

If it was Samsung Security, then thank you!


```
Dear sickcodes.

We hope this reaches you on time.
We are Security Team at Samsung Research. We are researching
credential leaks in source code(repositories).

We have found credentials that we suspect may contain real credential
information in the master (or default branch) of your repository using
several open source credential detection tools※ to detect credentials.


These are the credentials that have found in your
repository(sickcodes/Docker-OSX):

File Name / Line
helm/values.yaml / password: "a5aeQbaPd4$jR80Q43"
Dockerfile.auto / # password: alpine
README.md / Pre-made system by [Sick.Codes](https://sick.codes):
username: `user`, password: `alpine`
helm/values.yaml / password: a5aeQbaPd4$jR80Q43


We are not 100% sure that the credential(s) in the above results are
actual security threats.

If the credential(s) is(are) an actual threat, please remove or revoke them.

We are looking forward to receiving your valuable review of the above
credentials to get feedback on our work.

Additionally, we are collecting data to evaluate the performance of
several open source credential detection tools※, and the above
information may be included in the data.
Some kinds of obfuscation will be applied before releasing the data,
and we will not use the detected credentials improperly at all.

We hope that we're contributing to the security of your open source project.

If you have any questions, please let us know.


※ Used open source credential detection tools

. credential-digger(https://github.com/SAP/credential-digger)

. detect-secrets(https://github.com/Yelp/detect-secrets)

. gitleaks(https://github.com/zricethezav/gitleaks)

. gitrob(https://github.com/michenriksen/gitrob)

. shhgit(https://github.com/eth0izzle/shhgit)

. trufflehog(https://github.com/trufflesecurity/truffleHog)


Best regards,
Security Team @ Samsung Research
```

adam added the enhancement, help wanted, question, invalid labels 2025-12-29 05:24:36 +01:00
Reference: starred/Docker-OSX-sickcodes#204