Hacker News new | past | comments | ask | show | jobs | submit login

Leaving credentials and keys in memory.



Also completely failing to check the scope of the request before validating it!

> Microsoft provided an API to help validate the signatures cryptographically but did not update these libraries to perform this scope validation automatically




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: