Reply to post: Really a large flaw in github

Compsci student walks off with $50,000 after bug bounty report blows gaping hole in Shopify software repos


Really a large flaw in github

I think anyone that has authorised external services to access GitHub one way or another has run into this issue if they're paying attention. I've had to create secondary GitHub accounts (with more limit permissions) multiple times to be able to generate tokens with sufficiently limited privileges (or at least not massively over reaching permissions), and having that many extra GitHub accounts hanging around creates other potential problems.

It's something GitHub really need to address. There are a lot of tokens out there, it's pure luck that there haven't been more incidents.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021