top | item 45173739

(no title)

osa1 | 5 months ago

> They do not force re-auth when issuing an access token with publish rights, which is probably how the attackers compromised the packages

I'm surprised by this. Yeah, GitHub definitely forces you to re-auth when accessing certain settings.

discuss

No comments yet.