GitHub Security Update: A Bug Related to Handling Of Authenticated Sessions

GitHub Security Update: A Bug Related to Handling Of Authenticated Sessions

GitHub security update: A bug related to handling of authenticated sessions. We invalidated all authenticated sessions on GitHub.com - GitHub received an external report of anomalous behavior for their authenticated GitHub.com user session. Upon receiving the report, GitHub Security

Why did I get logged out of GitHub.com?

On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution to protect users from an extremely rare, but potentially serious, security vulnerability affecting a very small number of GitHub.com sessions.

On March 2, GitHub received an external report of anomalous behavior for their authenticated GitHub.com user session. Upon receiving the report, GitHub Security and Engineering immediately began investigating to understand the root cause, impact, and prevalence of this issue on GitHub.com. We took initial corrective action to patch the vulnerability on March 5 and continued our analysis throughout the weekend.

The patch to resolve the bug and session invalidation resolves the issue and you may log back in at any time.

What happened and what actions have we taken?

In extremely rare circumstances, a race condition in a backend request handling process could have misrouted a user’s session to the browser of another authenticated user, giving them the valid and authenticated session cookie for another user. It is important to note that this issue was not the result of compromised account passwords, SSH keys, or personal access tokens (PATs) and there is no evidence to suggest that this was the result of a compromise of any other GitHub systems. Instead, this issue was due to the rare and isolated improper handling of authenticated sessions. Further, this issue could not be intentionally triggered or directed by a malicious user.

company security github

What is Geek Coin

What is GeekCash, Geek Token

Best Visual Studio Code Themes of 2021

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Best Custom Web & Mobile App Development Company

Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots

Hire Best Security Guard Company | UGS Security

UGS Security is a best security guard company. We possess a team of reliable and trained security guards.

Stay Safe on GitHub: Security Practices to Follow

As developers in this deeply interconnected community use open source code to build software, Github security should be a top priority. This is because extensive code re-use increases the risk of distributing vulnerabilities from one dependency or repository to another. As such, every contributor should focus on creating a secure development environment. Here are eight security practices that GitHub users can follow to stay safe and protect their code:

Stay Safe on GitHub: Security Practices to Follow

As developers in this deeply interconnected community use open source code to build software, Github security should be a top priority. This is because extensive code re-use increases the risk of distributing vulnerabilities from one dependency or repository to another. As such, every contributor should focus on creating a secure development environment. Here are eight security practices that GitHub users can follow to stay safe and protect their code:

Stay Safe on GitHub: Security Practices to Follow

As developers in this deeply interconnected community use open source code to build software, Github security should be a top priority. This is because extensive code re-use increases the risk of distributing vulnerabilities from one dependency or repository to another. As such, every contributor should focus on creating a secure development environment. Here are eight security practices that GitHub users can follow to stay safe and protect their code: