Category

Credential Storage

Security vulnerabilities and automated fixes for credential storage issues

4 posts found

critical7 min

How unsafe buffer copying happens in C credential storage and how to fix it

A critical vulnerability in `lib/server.c` allowed attackers to trigger out-of-bounds memory reads when copying credentials via unsafe `memcpy()` calls. By replacing `memcpy()` with bounds-safe `strlcpy()`, the fix ensures credentials are safely stored without buffer overruns or null-termination issues.

#buffer-overflow#c-security#credential-storage+4 more
O
orbisai0security
Jun 7, 2026
medium7 min

Plaintext OAuth Token Storage: A Medium-Severity Vulnerability Fix

A medium-severity vulnerability was discovered in a Docker CLI authentication plugin where OAuth tokens and API keys were stored in plaintext on the local filesystem without any encryption. Despite having PBKDF2 cryptographic capabilities available in the project dependencies, the authentication store was writing sensitive credentials directly to disk, exposing them to potential theft by malicious actors with filesystem access.

#security#oauth#authentication+4 more
O
orbisai0security
Mar 28, 2026
high6 min

Plaintext OAuth Token Storage: A Silent Security Risk in Your Application

A medium-severity vulnerability was discovered where OAuth tokens and API keys were stored in plaintext on the local filesystem without encryption. Despite having PBKDF2 cryptographic capabilities available in the application's dependencies, these sensitive credentials were written directly to disk, exposing users to potential credential theft and unauthorized account access.

#security#oauth#credential-storage+4 more
O
orbisai0security
Mar 28, 2026
medium6 min

Plaintext OAuth Tokens: A Critical Security Flaw in Credential Storage

A medium-severity vulnerability was discovered where OAuth tokens and API keys were being stored in plaintext on the local filesystem without any encryption. Despite having PBKDF2 cryptographic capabilities available in the application's dependencies, credentials were written directly to disk, exposing users to potential token theft and unauthorized account access.

#security#oauth#encryption+4 more
O
orbisai0security
Mar 28, 2026