DESCRIPTION LAST UPDATED: 2025-09-05
DEFAULT SEVERITY LEVEL: HIGH
This report identifies the use of known or very weak cryptographic secrets across a variety of web frameworks/platforms. It is based on our web related scan results and utilizes the badsecrets library from Black Lantern Security to identify the weaknesses.
These secrets should not be in use. If you receive an alert from us make sure to replace these, but also investigate the platform for potential earlier misuse/compromise.
You can track results of our Badsecrets scans on our Dashboard.
Severity levels are described here.
For more information on our scanning efforts, check out our Internet scanning summary page.
This report has an IPv4 and IPv6 versions.
Filename(s): scan_badsecrets, scan6_badsecrets