GitHub bug briefly gave valid authenticated session cookies to wrong users

If you visit GitHub today you’ll be asked to authenticate anew because the code collaboration locker has squished a bug that sometimes “misrouted a user’s session to the browser of another authenticated user, giving them the valid and authenticated session cookie for another user.” GitHub disclosed the problem today, explain …

  1. Ken Moorhouse Silver badge

    ...the remote possibility...

    Is that remote, as in statistically insignificant, or remote, as in some undefined distance away, possibly as close as a few kilometres?

    1. Marcelo Rodrigues
      Trollface

      Re: ...the remote possibility...

      "Is that remote, as in statistically insignificant, or remote, as in some undefined distance away, possibly as close as a few kilometres?"

      It's remote as "one in a million chance" - which occurs in 9 of 10 cases.

  2. NonSSL-Login

    Lies, damn lies and statistics

    2020 stats have monthly active users of GitHub at 40 million. 0.001% is 400 users affected unless I'm still half asleep and need more caffeine.

    PR department obviously thought 0.001% looked better than 400 users having full access to code they should not have access to.

  3. razorfishsl

    now move the decimal place by the number of users....

  4. Claptrap314 Silver badge

    Can you create a PAT without reauthenticating?

    And how did they ascertain the number of bad sessions?

    This sounds like potentially a lot bigger deal than they are saying.


Biting the hand that feeds IT © 1998–2021