Plaintext passwords accidentally recorded in internal Github logs
Posted date 09/05/2018
Github has informed some of its users via email that, in one of their regular security auditing, they have found a bug in their password reset functionality that caused the credentials of these users to be dumped into their secure internal logs without any encryption.
Github requests that affected users have to reset their passwords and informs that passwords have only been exposed internally, so they should not have fallen into the wrong hands.
References
-
01/05/2018bleepingcomputer.com
-
02/05/2018redeszone.net
Etiquetas