![]() |
|
HackerOne Disclosed Reports - 2026-07-09 - Printable Version +- Dark C0d3rs (https://darkcoders.wiki) +-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log) +--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports) +--- Thread: HackerOne Disclosed Reports - 2026-07-09 (/Thread-HackerOne-Disclosed-Reports-2026-07-09) |
HackerOne disclosed reports - 2026-07-09 - hashXploiter - 07-10-2026
Medium
resolved Kiro IDE Stores Auth Tokens with World-Readable Permissions (0644)Bug reported by Sergio Garcia was disclosed at July 9, 2026, 3:31 pm | Incorrect Default Permissions The Kiro IDE (version 0.11.107) wrote authentication tokens (access token and refresh token) to a file with world-readable permissions (0644). The file contained sensitive information, including the access token, refresh token, and profile ARN. This exposed the credentials to potential unauthorized access by local processes or users. |