Vulnerabilities in authentication or session management could manifest themselves in a number of ways. This could be a gap or bug in authentication logic, password reset flows, or SSH key validation. A vulnerability in one of these components could range in impact, from assisting in a social engineering attack to a full compromise of user accounts.
Our applications support a number of authentication methods. On GitHub.com this includes our login form, authentication to other applications with OAuth, authentication between GitHub services with signed tokens, and maintaining authentication state through session cookies. Each of these methods is a complex system and requires Serious Security Scrutiny™.
To bolster the security of authentication, our web-based and API logins support two-factor authentication to minimize the impact of compromised user credentials. Additionally, to limit the impact of a compromised session, we require re-authentication for sensitive tasks with what we call Sudo Mode.
More about authentication and session management vulnerabilities from OWASP’s Top 10 :
Developers frequently build custom authentication and session management schemes, but building these correctly is hard. As a result, these custom schemes frequently have flaws in areas such as logout, password management, timeouts, remember me, secret question, account update, etc. Finding such flaws can sometimes be difficult, as each implementation is unique.
|1||1000 pts Antonio Sanso Cross-origin brute-forcing of SAML and 2FA recovery codes|
|2||600 pts Ioannis Kakavas SAML Response attribute not revoked to prevent replay attacks|
|3||5000 pts Brian Soby GitHub Enterprise SAML signature bypass|
|4||5000 pts Ioannis Kakavas GitHub Enterprise SAML signature bypass|
|5||10000 pts Ioannis Kakavas GitHub Enterprise SAML authentication bypass|