Hardcoded API Key Found in Public NASA GitHub Repository

Disclosed by Uma_Maheshwar_Ayyala
Summary by Uma_Maheshwar_Ayyala

Hardcoded API Key Found in Public NASA GitHub Repository Allowing Unauthorized Access to Licensed Academic Data

During my security research, I identified a hardcoded API key within NASA's public GitHub repository: podaac_tools_and_services. The key appeared to provide access to Elsevier's Scopus API — a licensed academic service that offers premium search capabilities for scientific literature, including research articles, author profiles, and institutional affiliations.

Exposure of such credentials in public repositories can allow unauthorized users to access premium or sensitive data, violate third-party licensing agreements, or result in service abuse. Responsible disclosure of this issue helped ensure the protection of licensed academic resources and reduce potential misuse.
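As an added example (not part of the original report and not code from the affected repository), the following pre-commit style check flags the kind of exposure described above: a high-entropy literal assigned to a credential-like name. All key values in the sample are constructed, and the `SCOPUS_API_KEY` environment variable name is hypothetical.

```python
import math
import re
from collections import Counter

# A quoted literal assigned to a credential-like name, e.g.
# api_key = "....", "X-ELS-APIKey": "....", token: '....'
ASSIGN = re.compile(
    r"""(?ix)
    ["']?(?P<name>[\w-]*(?:api[_-]?key|secret|token|passw(?:or)?d)[\w-]*)["']?
    \s*[:=]\s*
    (?P<q>["'])(?P<value>[^"'\s]{16,})(?P=q)
    """
)
PLACEHOLDER = re.compile(r"(?i)your|example|changeme|placeholder|xxxx|<.*>|\$\{")


def shannon_entropy(s):
    """Bits per character; random hex approaches 4.0, base64 approaches 6.0."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_hardcoded_keys(text, min_entropy=3.0):
    """Return (line_no, name, redacted_value) for each suspicious literal."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ASSIGN.finditer(line):
            value = m.group("value")
            if PLACEHOLDER.search(value) or shannon_entropy(value) < min_entropy:
                continue
            # Never echo the full secret into CI logs: keep 4 chars only.
            findings.append((line_no, m.group("name"), value[:4] + "..."))
    return findings


# Constructed sample; key values and the SCOPUS_API_KEY name are made up.
SAMPLE = '''\
import os
API_KEY = "3f9a1c7e5b2d4f8a9c0e6b1d7a4f2c8e"
headers = {"X-ELS-APIKey": "b7e2d9f04a6c1835e0fa92cd47b316e8"}
api_key = "YOUR_API_KEY_GOES_HERE"
token = "aaaaaaaaaaaaaaaaaaaaaaaa"
safe_key = os.environ["SCOPUS_API_KEY"]
'''

if __name__ == "__main__":
    for finding in find_hardcoded_keys(SAMPLE):
        print("line %d: %s = %s" % finding)
```

A key that has already been pushed to a public repository stays in the commit history after the line is deleted, so a finding on committed code calls for revoking and reissuing the key, not only removing it.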
