gratipay / security
deal with leak of Venmo access/refresh tokens
@Changaco asked for a dump of the elsewhere table as part of his work on gratipay/gratipay.com#1369 (IRC). I gave him:

I had decided this was acceptable because the elsewhere table doesn't contain any information that's not publicly accessible via existing APIs (the user_info comes from public APIs on other platforms, and the link between a Gittip account and an account elsewhere is scrapable on public Gittip). Except that it does. In gratipay/gratipay.com#1857, when we added the ability to connect a Venmo account, we added access_token and refresh_token fields to the elsewhere table. These are private tokens that can presumably be used to impersonate a Venmo user, which is a big deal because Venmo is a payments company and impersonating a user would likely mean taking their money.

The gist does not contain any access_tokens or refresh_tokens, because I only included the bitbucket, bountysource, github, and twitter platforms in that gist (I didn't have venmo in mind, clearly), and we don't store oauth tokens for those platforms.

The elsewhere.tbz file contains Venmo tokens for approximately 49 users (depending on the exact state of the database when I did the export; currently there are 49 users with venmo attached).

I've taken down the elsewhere.tbz file. The static.whit537.org web server does not keep access logs, so I don't know how many times elsewhere.tbz was downloaded. It was up from Feb 4 at 12:53pm US/Eastern until today, Feb 7 at 8:45am US/Eastern.
Next steps:
I believe we should be able to simply revoke at least one of the tokens, and hopefully both.
We have another situation with Venmo where we're using an oauth app registered under my personal Venmo account, and would like to move to an oauth app registered under the Gittip Venmo account. It could make sense to make that switch as part of dealing with this ticket.
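As an added example (not gratipay's code and not part of this ticket), here is the kind of pre-share check that would have caught the problem described above before the export went out: it flags export columns whose names look like credentials, counts per platform how many rows actually carry a value in them, and produces a redacted copy to share instead. The column names access_token, refresh_token, user_info and platform are taken from the ticket; the sample rows and token values are constructed.

```python
"""Pre-share check for a database table export.

Added example, not gratipay's code. Before a table dump such as the
elsewhere export leaves the machine, detect columns that look like
credentials, report which platforms actually have values in them, and
build a copy with those values blanked. Column names are assumed from
the ticket; the sample rows below are constructed and the tokens fake.
"""
import csv
import io
import re
from collections import Counter

# Column names that usually hold credentials. Pattern-based so that a
# column added later (e.g. a new platform's token) is still caught.
SECRET_NAME_RE = re.compile(r"(token|secret|password|passwd|api_key|private)", re.I)
REDACTED = "[REDACTED]"

# Constructed sample export of an "elsewhere"-style table (fake tokens).
SAMPLE_EXPORT = """\
platform,user_id,user_info,access_token,refresh_token
github,1001,"{""login"": ""alice""}",,
twitter,2002,"{""screen_name"": ""bob""}",,
venmo,3003,"{""username"": ""carol""}",fake-access-aaaa,fake-refresh-bbbb
venmo,4004,"{""username"": ""dave""}",fake-access-cccc,fake-refresh-dddd
bitbucket,5005,"{""username"": ""erin""}",,
"""


def parse_export(text):
    """Parse a CSV export into (fieldnames, list of row dicts)."""
    reader = csv.DictReader(io.StringIO(text))
    rows = list(reader)
    return list(reader.fieldnames), rows


def find_secret_columns(fieldnames):
    """Return the column names whose names suggest they hold credentials."""
    return [name for name in fieldnames if SECRET_NAME_RE.search(name)]


def _has_secret(value):
    """True for a non-empty value that has not already been redacted."""
    value = (value or "").strip()
    return bool(value) and value != REDACTED


def secret_rows_by_platform(rows, secret_columns):
    """Count, per platform, the rows that carry a live secret value.

    This is the number the ticket had to work out after the fact: how many
    users' tokens were actually in the file.
    """
    counts = Counter()
    for row in rows:
        if any(_has_secret(row.get(col)) for col in secret_columns):
            counts[row.get("platform", "?")] += 1
    return dict(counts)


def redact_rows(rows, secret_columns):
    """Return a copy of rows with every live secret value replaced by REDACTED.

    Values are replaced rather than columns dropped, so the recipient can
    still see which rows had a credential without receiving it.
    """
    redacted = []
    for row in rows:
        clean = dict(row)
        for col in secret_columns:
            if _has_secret(clean.get(col)):
                clean[col] = REDACTED
        redacted.append(clean)
    return redacted


def write_csv(fieldnames, rows):
    """Serialize rows back to CSV text (the redacted copy to share)."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fieldnames)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


def check_and_redact(text):
    """Run the whole pre-share check on an export and return a report."""
    fieldnames, rows = parse_export(text)
    secret_columns = find_secret_columns(fieldnames)
    exposure = secret_rows_by_platform(rows, secret_columns)
    redacted = redact_rows(rows, secret_columns)
    return {
        "secret_columns": secret_columns,
        "rows_with_secrets_by_platform": exposure,
        "safe_to_share": not exposure,  # only true once no live secret remains
        "redacted_csv": write_csv(fieldnames, redacted),
    }


if __name__ == "__main__":
    report = check_and_redact(SAMPLE_EXPORT)
    print("secret columns:", report["secret_columns"])
    print("rows with secrets by platform:", report["rows_with_secrets_by_platform"])
    print("safe to share as-is:", report["safe_to_share"])
    print(report["redacted_csv"])
```

Run against the constructed sample, the check reports access_token and refresh_token as secret columns and two venmo rows carrying live tokens, so the raw file is not safe to share; the redacted copy passes the same check cleanly. The name-pattern approach is deliberately broad: a column named for a platform nobody had in mind when the export was made (the venmo case in the ticket) is still caught as long as its name says "token".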