Authentication
Clone2Leak attacks exploit Git flaws to steal credentials
A set of three distinct but related attacks, dubbed ‘Clone2Leak,’ can leak credentials by exploiting how Git and its credential helpers handle authentication requests. The attack can compromise passwords and access tokens in GitHub Desktop, Git LFS, GitHub CLI/Codespaces, and the Git Credential Manager. The flaws that make ‘Clone2Leak’ possible were discovered by Japanese researcher RyotaK […]
New FIDO proposal lets you securely move passkeys across platforms
The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers. Passkeys are a method of authentication without a password that leverages public-key cryptography to authenticate users without requiring them to remember or manage long strings of characters. FIDO reports that […]