RSA Private Key Detected
Description
The application exposes one or more RSA private keys through publicly accessible web pages. RSA private keys are cryptographic secrets used for decrypting sensitive data and creating digital signatures. These keys must remain confidential—if an attacker obtains a private key, they can impersonate the key owner, decrypt protected communications, and compromise any system trusting that key. Private keys should never be accessible via web interfaces or stored in publicly reachable locations.
Remediation
Take immediate action to secure the exposed private key:
1. Remove the private key immediately from all publicly accessible locations including web directories, repositories, and configuration files.
2. Revoke and replace the compromised key by generating a new RSA key pair and updating all systems that use it. Revoke any certificates associated with the exposed key.
3. Audit access logs to determine if the private key was accessed by unauthorized parties and assess potential compromise.
4. Store private keys securely using appropriate methods:
- Use hardware security modules (HSMs) or key management services - Store keys in protected directories with restricted permissions (chmod 600) - Encrypt keys at rest using strong encryption - Never commit private keys to version control systems - Use environment variables or secure vaults (e.g., HashiCorp Vault, AWS Secrets Manager)
5. Implement access controls to ensure only authorized processes and users can access private keys, and regularly rotate cryptographic keys according to your security policy.