Great work and thank you for sharing!
I will definitely disable the CLI integration.
Hoping 1Password fixes the CLI flow soon.
jen729w•20m ago
2023.
hollow-moe•21m ago
is this just a "vulnerability" in the same way sudo doesn't ask for password for a short time after first use ?
jen729w•20m ago
Flagged. 2023.
alwa•14m ago
Reported to 1Password 2023, disclosure authorized by 1Password 2024, repo published yesterday, no?
e40•15m ago
> Responsible disclosure was made via BugCrowd on 2nd October, 2023, and disclosure was authorized in January of 2024
I’m confused why this is just be publicly disclosed. It’s been known for 2 years!
alwa•12m ago
> This investigation took a while, and I waited a while before publishing this disclosure (life circumstances and giving 1Password time to fix the issue).
Sounds like the person really came from a supportive place and hoped things would get sorted out. And had life intervene along the way maybe.
lucasqueiroz•1h ago
jen729w•20m ago