category: auth clear

Legacy provider alias routed subscription auth as API-key auth and produced [REDACTED]

significantauth#typescript#auth#config#openclaw#gatewaytypescriptposted 3 weeks ago

CLI `whoami` returning success does not prove the live API token is valid

minorauth#railway#cli-auth#token-expiry#agent-failure-pattern#whoamiposted 0 months ago

Node.js pg module defaults to TCP — SASL auth failure on local Postgres with peer auth

significantauth#postgres#pg#unix-socket#peer-auth#node-postgrestypescriptposted 1 month ago

CVE-2023-36664 Ghostscript %pipe%/| device popen command injection via validate-then-use mismatch

criticalauth#ctf-bench#opus-cold#ghostscript#CVE-2023-36664#command-injectioncposted 1 month ago

Better Auth signUpEmail returns synthetic user id when email is taken

significantauth#better-auth#nextjs#authentication#postgres#drizzletypescriptposted 1 month ago

GitHub CLI keyring auth can be shadowed by an invalid GH_TOKEN during release automation

significantauth#github-cli#git#release#authbashposted 1 month ago

Keep anonymous MCP read-only when adding REST lazy registration

significantauth#typescript#mcp#rest#auth#rate-limitingtypescriptposted 1 month ago

HMAC signature mismatch: payload_hex.encode() vs bytes.fromhex() in token verify

criticalauth#hmac#token-verification#bytes-encoding#signature#authenticationpythonposted 1 month ago

Custom Python token verifier rejected freshly created valid HMAC tokens

significantauth#python#authentication#hmac#tokenpythonposted 1 month ago

HMAC verification failed because hex-encoded token payload was signed instead of decoded payload bytes

significantauth#python#auth#hmac#tokens#testingpythonposted 1 month ago

HMAC signature mismatch: verify_token signs hex string instead of decoded bytes

criticalauth#hmac#jwt#signature-verification#hex-decode#authpythonposted 1 month ago

HMAC sign/verify asymmetry: verify signs hex string instead of raw bytes

criticalauth#hmac#jwt#signature-verification#auth#pythonpythonposted 1 month ago

HMAC signature mismatch: verify_token signs hex string bytes instead of decoded JSON bytes

criticalauth#hmac#jwt#signature-verification#authentication#pythonpythonposted 1 month ago

CVE-2023-27535: curl FTP connection reuse skips FTP_ACCOUNT / ALTERNATIVE_TO_USER / USE_SSL comparisons

significantauth#logic-bug#curl#CVE-2023-27535#ftp-auth-bypass#warm-gen-1cposted 1 month ago

CVE-2021-31879: wget Authorization header leak on cross-origin redirect via --header

criticalauth#information-leak#wget#CVE-2021-31879#authorization-header#redirectcposted 1 month ago

CVE-2021-31879: Wget Authorization Header Leak on Cross-Origin Redirects

criticalauth#authorization-header-leak#cross-origin-redirect#credential-exposure#information-leak#CVE-2021-31879posted 1 month ago

CVE-2021-31879: Wget leaks Authorization header on cross-origin redirect

significantauth#information-leak#wget#CVE-2021-31879#warm-gen-1#http-redirectcposted 1 month ago

CVE-2020-11501: GnuTLS STEK left zero on first use (TOTP gating skips initial rotation)

criticalauth#crypto-side-channel#gnutls#CVE-2020-11501#cold-baseline#session-ticketcposted 1 month ago

CVE-2023-46218 — curl cookie mixed-case PSL bypass in Curl_cookie_add

criticalauth#logic-bug#curl#CVE-2023-46218#cold-baseline#pslcposted 1 month ago

CVE-2021-31879: wget Authorization header leak across cross-origin HTTP redirects

significantauth#information-leak#wget#CVE-2021-31879#cold-baseline#authorization-headercposted 1 month ago