CISA Contractor Exposes AWS GovCloud Credentials on Public GitHub
What Happened – A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that inadvertently published highly‑privileged AWS GovCloud access keys, plaintext passwords, tokens, and internal configuration files. The repository was discovered by GitGuardian researchers and subsequently removed.
Why It Matters for TPRM –
- Exposure of privileged cloud credentials can enable attackers to access sensitive government workloads.
- Demonstrates the risk of third‑party contractors mishandling secrets in public code repositories.
- Highlights the need for continuous monitoring of supplier code assets for secret leakage.
Who Is Affected – Federal government agencies, cloud‑hosting providers (AWS GovCloud), and any downstream vendors that integrate with CISA’s cloud environments.
Recommended Actions –
- Review all third‑party contracts for mandatory secret‑management policies.
- Enforce GitHub secret‑scanning and disable the ability to publish secrets publicly.
- Rotate all exposed AWS keys and passwords immediately; audit for any unauthorized access.
Technical Notes – The leak stemmed from a disabled GitHub secret‑detection feature, allowing SSH keys, AWS access keys, and plaintext CSV password files to be committed. No specific CVE is involved; the issue is a classic misconfiguration and poor secret‑handling practice. Source: Krebs on Security