Title: paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials 

Author: Larry W. Cashdollar, @_larry0

Date: 12/26/2013

Vulnerable Code:

From: paratrooper-pingdom-1.0.0/lib/paratrooper-pingdom.rb 

 24       def setup(options = {})
 25         %x[curl https://api.pingdom.com/api/2.0/checks -X PUT -d "paused=tru    e" -H "App-Key: #{app_key}" -u "#{username}:#{password}"]
 26       end
 27 
 28       def teardown(options = {})
 29         %x[curl https://api.pingdom.com/api/2.0/checks -X PUT -d "paused=fal    se" -H "App-Key: #{app_key}" -u "#{username}:#{password}"]
 30       end