The miniorange_saml (aka Miniorange Saml) extension prior to 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
miniorange saml
Vulmon