Category

Credential Exposure

Security vulnerabilities and automated fixes for credential exposure issues

4 posts found

critical8 min

How GitHub token exposure happens in TypeScript CLI utilities and how to fix it

A critical credential exposure vulnerability was discovered in `cli/src/utils/github.ts`, where three GitHub API fetch calls were made without any safe token-loading mechanism, risking accidental hardcoding or token leakage in logs and CI/CD pipelines. The fix introduces a centralized `getAuthHeaders()` function that reads the token exclusively from the `GITHUB_TOKEN` environment variable and safely injects it into all outbound API requests. This ensures credentials never touch source code, buil

#security#typescript#credential-exposure+4 more
O
orbisai0security
Jun 25, 2026
medium7 min

Plaintext Password Exposure Fixed in aroma.py CLI Keystore Tool

A medium-severity vulnerability in `tools/cli/aroma.py` allowed keystore passwords entered via the `get_input()` function to be displayed in plaintext on the terminal, stored unmasked in memory, and potentially recorded in shell history files. The fix introduces Python's `getpass` module and a new `secret` parameter to `get_input()`, ensuring sensitive credential input is properly masked during entry. This change directly protects users of the CLI tool from credential exposure during routine key

#python#cli-security#password-masking+4 more
O
orbisai0security
Jun 1, 2026
high8 min

Hardcoded API Keys in Init Scripts: A Silent Security Disaster

A critical security vulnerability was discovered and patched in the nullclaw-init script, where API keys were hardcoded directly into the source code at multiple locations. This type of exposure means anyone with read access to the repository or installed files can silently extract and abuse credentials without any technical hacking required. The fix eliminates this risk by removing hardcoded secrets in favor of secure credential management practices.

#security#api-keys#secrets-management+4 more
O
orbisai0security
May 16, 2026
medium5 min

Google OAuth Token Exposure: How a Leaked Access Token Put API Security at Risk

A medium-severity security vulnerability was discovered where a Google OAuth access token was inadvertently exposed in documentation files. This incident highlights the critical importance of secrets management and demonstrates how even non-code files can become vectors for credential leakage, potentially granting unauthorized access to Google APIs and user data.

#security#oauth#secrets-management+4 more
O
orbisai0security
Mar 6, 2026