HIGH: Badsecrets Report

DESCRIPTION LAST UPDATED: 2025-09-06

DEFAULT SEVERITY LEVEL: HIGH

This report identifies the use of known or very weak cryptographic secrets across a variety of web frameworks/platforms. It is based on our web-related scan results and uses the badsecrets library from Black Lantern Security to identify the weaknesses.

These “secrets” should not be in use. If you receive an alert from us, make sure to replace them, and also investigate the platform for potential earlier misuse or compromise.

You can track results of our Badsecrets scans on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report has IPv4 and IPv6 versions.

Filename(s): scan_badsecrets, scan6_badsecrets

 

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the HTTP response came on (always TCP)
  • port
    Port that the HTTP response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    http/ssl/badsecret
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • http
    Hypertext Transfer Protocol Version
  • http_code
    HTTP Response code: e.g., 200, 401, 404
  • server
    HTTP Server type
  • request_path
    HTTP Request path
  • cert_serial_number
    Certificate serial number
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • subject_organization_name
    The subject organization name (ON) of the certificate
  • issuer_organization_name
    Issuing organization name
  • sha1_fingerprint
    SHA1 fingerprint of certificate
  • sha256_fingerprint
    SHA256 fingerprint of certificate
  • badsecret_location
    Section in which the secret was found, e.g., "header", "body"
  • badsecret_module
    Detection module, e.g., "ASP.NET Viewstate"
  • badsecret_type
    Type of secret found, e.g., "ASP.Net MachineKey"
  • badsecret_product
    Secret found
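
One way to turn this report into a rotation worklist, added here as an example (not the report provider's or the badsecrets project's code). It assumes the report arrives as CSV with a header row using the field names above; the sample rows, addresses and secret values are constructed, and `secret_id`, `build_worklist` and `shared_secrets` are hypothetical helper names.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample: documentation addresses, made-up secret values, subset of columns.
SAMPLE = """timestamp,severity,ip,port,hostname,request_path,badsecret_location,badsecret_module,badsecret_type,badsecret_product
2025-09-06 00:01:02,high,192.0.2.10,443,app1.example.org,/login.aspx,body,ASP.NET Viewstate,ASP.Net MachineKey,EXAMPLE-SECRET-A
2025-09-06 00:05:09,high,192.0.2.10,443,app1.example.org,/default.aspx,body,ASP.NET Viewstate,ASP.Net MachineKey,EXAMPLE-SECRET-A
2025-09-06 00:07:30,high,192.0.2.44,8443,,/,header,ASP.NET Viewstate,ASP.Net MachineKey,EXAMPLE-SECRET-A
2025-09-06 00:09:41,high,2001:db8::5,443,app3.example.org,/,header,ASP.NET Viewstate,ASP.Net MachineKey,EXAMPLE-SECRET-B
"""

def secret_id(value):
    """Short fingerprint so tickets and dashboards never carry the secret itself."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:12]

def build_worklist(csv_text):
    """Collapse per-probe rows into one rotation item per (ip, port, badsecret_type)."""
    items = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["ip"], int(row["port"]), row["badsecret_type"])
        item = items.setdefault(key, {
            "hostname": row["hostname"] or None,
            "module": row["badsecret_module"],
            "paths": set(), "locations": set(), "secret_ids": set(),
            "first_seen": row["timestamp"], "last_seen": row["timestamp"],
        })
        item["paths"].add(row["request_path"])
        item["locations"].add(row["badsecret_location"])
        item["secret_ids"].add(secret_id(row["badsecret_product"]))
        # Assumption: timestamps are "YYYY-MM-DD HH:MM:SS", which sorts as text.
        item["first_seen"] = min(item["first_seen"], row["timestamp"])
        item["last_seen"] = max(item["last_seen"], row["timestamp"])
    return items

def shared_secrets(items):
    """Map secret fingerprint -> endpoints, keeping only secrets seen on 2+ endpoints."""
    seen = defaultdict(set)
    for (ip, port, _type), item in items.items():
        for sid in item["secret_ids"]:
            seen[sid].add((ip, port))
    return {sid: sorted(eps) for sid, eps in seen.items() if len(eps) > 1}

if __name__ == "__main__":
    work = build_worklist(SAMPLE)
    for (ip, port, stype), item in sorted(work.items()):
        print(ip, port, stype, sorted(item["paths"]), item["first_seen"], item["last_seen"])
    print("reused across endpoints:", shared_secrets(work))
```

A fingerprint that appears on more than one endpoint means the same secret is deployed in several places, so every listed endpoint needs the replacement and the follow-up investigation.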
