Leaving credentials and keys in memory. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		baz00 on Sept 7, 2023 \| parent \| context \| favorite \| on: Results of technical investigations for Storm-0558... Leaving credentials and keys in memory.

drodgers on Sept 7, 2023 [–]

Also completely failing to check the scope of the request before validating it!

> Microsoft provided an API to help validate the signatures cryptographically but did not update these libraries to perform this scope validation automatically

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact