critical | Cryptographic Nightmares
arliamdesign.co.uk
RSA private key in a DKIM record
;; QUESTION SECTION:
;arliamdesign.co.uk. IN TXT
;; ANSWER SECTION:
arliamdesign.co.uk. 3600 IN TXT "----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQC6peCdtspQzWlWasWWjNtECaybiQB60r05PLo0IHxRV6NtQLhI [... 20+ more lines ...] -----END RSA PRIVATE KEY-----"
What Happened
A full RSA private key was published in what appears to be a DKIM record field. DKIM records should only ever contain the *public* key. Someone copied from the wrong file. The full private key (2048-bit) was discoverable by anyone running a DNS query.
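A check for the mistake described above, as an added example that is not part of the original page: it flags TXT values that carry PEM private-key armour, or a DKIM `p=` tag whose DER opens like a private key rather than a public one. The function names and sample records are constructed for illustration; the samples are DER headers followed by filler bytes, not real keys.

```python
import base64
import re

# PEM armour for any private-key type. Dash runs are matched loosely because
# pasted records can lose a dash (the record above opens with only four).
PEM_PRIVATE = re.compile(r"-{2,}BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-{2,}")


def _der_body(der: bytes) -> bytes:
    """Return the bytes after the outer SEQUENCE header, or b'' if absent."""
    if len(der) < 2 or der[0] != 0x30:
        return b""
    if der[1] < 0x80:                      # short-form length
        return der[2:]
    return der[2 + (der[1] & 0x7F):]       # long form: skip the length bytes


def looks_like_private_der(b64: str) -> bool:
    # PKCS#1 RSAPrivateKey and PKCS#8 PrivateKeyInfo both open with
    # INTEGER 0 (the version field). A SubjectPublicKeyInfo opens with a
    # nested SEQUENCE instead, so it does not match.
    cleaned = re.sub(r"\s+", "", b64)
    try:
        der = base64.b64decode(cleaned + "=" * (-len(cleaned) % 4), validate=True)
    except ValueError:
        return False
    return _der_body(der)[:3] == b"\x02\x01\x00"


def audit_txt(value: str) -> list[str]:
    """Return findings for one TXT record value (empty list means clean)."""
    findings = []
    if PEM_PRIVATE.search(value):
        findings.append("pem-private-key-header")
    parts = (part.partition("=") for part in value.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in parts if v.strip()}
    if "p" in tags and looks_like_private_der(tags["p"]):
        findings.append("dkim-p-tag-holds-private-key")
    return findings


# Constructed samples: DER headers plus filler bytes, not real key material.
_PRIV = base64.b64encode(bytes.fromhex("3082025c020100028181") + b"\x00" * 40).decode()
_PUB = base64.b64encode(
    bytes.fromhex("30819f300d06092a864886f70d010101050003818d00") + b"\x00" * 40).decode()
SAMPLES = {
    "pem pasted into TXT": f"----BEGIN RSA PRIVATE KEY----- {_PRIV} -----END RSA PRIVATE KEY-----",
    "private DER in p=": f"v=DKIM1; k=rsa; p={_PRIV}",
    "correct public key": f"v=DKIM1; k=rsa; p={_PUB}",
}
```

Run `audit_txt` over every TXT value returned for a zone, including the `_domainkey` selectors, and treat any finding as a key compromise that requires rotation.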