Thousands of Firefox cookie databases containing sensitive data currently sit in public GitHub repositories, and that data could be used to hijack authenticated sessions. These cookies.sqlite databases normally live in the Firefox profile folder, where the browser uses them to persist cookies between browsing sessions. They can now be located by searching GitHub with specific query parameters, a technique known as a search dork (or GitHub dork).
Aidan Marlin, a security engineer at Trainline, a London-based railway travel service company, reported his findings through HackerOne and was informed by a GitHub representative that “the credentials exposed by our users are out of scope” for its Vulnerability Bounty Program, and that GitHub reminds users of the public availability of these files. Marlin then asked whether he could make his findings public, and was told that he was free to do so.
In an email sent to The Register, Marlin said: “I am frustrated that GitHub does not take user safety and privacy seriously. It could at least prevent this GitHub dork from returning results. If the people who uploaded these cookie databases knew what they had done, they would pee their pants.”
Marlin admitted that the affected GitHub users failed to keep their cookies.sqlite database out of the code they committed and pushed to a public repository, and therefore bear some of the blame. “But this dork has nearly 4,500 hits, so I think GitHub also has an obligation to pay attention,” he said, adding that he had notified the UK Information Commissioner’s Office because personal information was at risk.
Marlin speculates that this oversight is the result of committing code from one’s Linux home directory, which is where the Firefox profile folder resides. He explained: “I think in most cases, individuals don’t know that they have uploaded their cookie database. A common reason for users to do this is a shared environment that spans multiple machines.”
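The exposure described above happens at commit time, so the cheapest defence is a client-side check that refuses to stage the file in the first place. The following pre-commit guard is an added example written for this article; it is not Marlin’s code, GitHub’s, or Mozilla’s. Only cookies.sqlite is named in the article; the other basenames in the denylist (its SQLite write-ahead and journal files, plus a few other Firefox profile files) are assumptions added here to show how the list generalises.

```shell
#!/bin/sh
# Added example (not from the article): a git pre-commit hook that blocks
# browser profile artifacts such as Firefox's cookies.sqlite from being
# committed. Install by copying to .git/hooks/pre-commit and chmod +x.

# Basenames that must never reach a public repository. cookies.sqlite is
# the file the article discusses; the rest are assumed extensions
# (SQLite sidecar files and other sensitive Firefox profile files).
FORBIDDEN_BASENAMES="cookies.sqlite cookies.sqlite-wal cookies.sqlite-journal \
sessionstore.jsonlz4 logins.json key4.db"

# is_forbidden PATH -> exit status 0 when PATH's basename is denylisted.
is_forbidden() {
    base=$(basename "$1")
    for f in $FORBIDDEN_BASENAMES; do
        [ "$base" = "$f" ] && return 0
    done
    return 1
}

# scan_paths reads one path per line from stdin, reports every denylisted
# path on stderr, and returns 1 if any matched (0 otherwise). It looks at
# the basename only, so a profile committed under any directory (e.g.
# .mozilla/firefox/<profile>/cookies.sqlite) is still caught.
scan_paths() {
    found=0
    while IFS= read -r path; do
        [ -z "$path" ] && continue
        if is_forbidden "$path"; then
            printf 'refusing to commit browser profile data: %s\n' "$path" >&2
            found=1
        fi
    done
    return "$found"
}

# run_precommit_check inspects only what is staged (added or modified),
# which is exactly the set of files the commit would publish.
run_precommit_check() {
    git diff --cached --name-only --diff-filter=AM | scan_paths
}

# When executed as the pre-commit hook, a non-zero exit aborts the commit.
case "$0" in
    */pre-commit) run_precommit_check || exit 1 ;;
esac
```

The hook is a last line of defence for one machine; pairing it with a global ignore file (`git config --global core.excludesFile`) that lists the same basenames covers every repository the user creates, and a server-side push check on the organisation’s side catches contributors who never installed the hook.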
Marlin said that GitHub dorks are not new, but they usually affect only a single service, such as AWS. This particular exposure is more disturbing because it may allow an attacker to access any Internet-facing website on which the GitHub user was authenticated at the time the cookie file was committed. He added that it may also be possible to find similar exposures from other browsers.