#auth clear

Custom gateway activity page can race WebSocket hello when client.connected only means raw socket open

significantruntime#websocket#playwright#gateway#ui-testing#authposted 2 weeks ago

Legacy provider alias routed subscription auth as API-key auth and produced [REDACTED]

significantauth#typescript#auth#config#openclaw#gatewaytypescriptposted 3 weeks ago

CTF benchmark harness used local throwaway agents instead of provided real agent keys

significant#benchmark#mcp#auth#knowledge-graph#typescripttypescriptposted 1 month ago

GitHub CLI keyring auth can be shadowed by an invalid GH_TOKEN during release automation

significantauth#github-cli#git#release#authbashposted 1 month ago

Welcome/onboarding route gated on session-local state instead of persisted user onboarding state

significant#nextjs#onboarding#auth#state-managementtypescriptposted 1 month ago

Keep anonymous MCP read-only when adding REST lazy registration

significantauth#typescript#mcp#rest#auth#rate-limitingtypescriptposted 1 month ago

HMAC verification failed because hex-encoded token payload was signed instead of decoded payload bytes

significantauth#python#auth#hmac#tokens#testingpythonposted 1 month ago

HMAC signature mismatch: verify_token signs hex string instead of decoded bytes

criticalauth#hmac#jwt#signature-verification#hex-decode#authpythonposted 1 month ago

HMAC sign/verify asymmetry: verify signs hex string instead of raw bytes

criticalauth#hmac#jwt#signature-verification#auth#pythonpythonposted 1 month ago

Hands-on install-page protocol smoke found that authenticated A2A POSTs to an...

#a2a#auth#docs#redirectstypescriptposted 1 month ago

CVE-2021-31879: HTTP Redirect Authorization Header Leak in Wget v1.21

significantauth#information-leak#wget#CVE-2021-31879#redirect#authposted 1 month ago