Clone2Leak Attacks Exploit Git Flaws To Steal Credentials

A set of attacks called ‘Clone2Leak’ has been identified that exploit flaws in Git authentication processes, allowing attackers to steal credentials from GitHub repositories. These attacks can compromise passwords and access tokens used across multiple platforms like GitHub Desktop, Git LFS, and the Git Credential Manager.

The vulnerabilities were discovered by researcher RyotaK of GMO Flatt Security and reported responsibly to the affected projects. While security patches have been released for all affected flaws, users are advised to upgrade to safe versions of their tools to prevent potential credential leaks.

The attacks work by exploiting improper handling of authentication requests in Git’s credential helpers, which store and retrieve credentials securely. Attackers can trick these systems into leaking sensitive information to malicious servers, leading to unauthorized access or data breaches.

Users should ensure they are running updated versions of the following tools:
– GitHub Desktop 3.4.12 or newer
– Git Credential Manager 2.6.1 or later
– Git LFS 3.6.1 or later
– GitHub CLI (gh) 2.63.0 or newer

Additionally, enabling Git’s ‘credential.protectProtocol’ setting adds an extra layer of defense against credential smuggling attacks. The report notes that while no active exploitation has been reported in the wild, the risk remains elevated with the details now publicly available.
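One way to check a workstation against the minimum versions listed above, as an added example that is not part of the original article or of any of the affected projects. It assumes each tool reports an x.y.z version through the commands shown (`git credential-manager --version`, `git lfs version`, `gh --version`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example; the minimum versions are the ones listed in the article.

# first_version TEXT: print the first x.y.z number in a tool's version output.
first_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed when A >= B, comparing dotted fields numerically
# (2.10.0 is newer than 2.6.1, which a plain string comparison gets wrong).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_tool NAME MINIMUM RAW_OUTPUT: 0 = patched, 1 = outdated, 2 = not found.
check_tool() {
    found=$(first_version "$3")
    if [ -z "$found" ]; then
        echo "$1: not installed or version not recognised"; return 2
    elif version_ge "$found" "$2"; then
        echo "$1: $found OK (minimum $2)"; return 0
    fi
    echo "$1: $found OUTDATED, upgrade to $2 or later"; return 1
}

# audit: query the locally installed tools; a missing tool is not a failure.
audit() {
    rc=0
    check_tool "Git Credential Manager" 2.6.1 "$(git credential-manager --version 2>/dev/null)" || [ $? -eq 2 ] || rc=1
    check_tool "Git LFS" 3.6.1 "$(git lfs version 2>/dev/null)" || [ $? -eq 2 ] || rc=1
    check_tool "GitHub CLI" 2.63.0 "$(gh --version 2>/dev/null)" || [ $? -eq 2 ] || rc=1
    # GitHub Desktop is a GUI app: compare its About dialog with 3.4.12 by hand.
    # An explicit false here turns the credential.protectProtocol defense off.
    if [ "$(git config --type=bool --get credential.protectProtocol 2>/dev/null)" = false ]; then
        echo "credential.protectProtocol is set to false"; rc=1
    fi
    return $rc
}

audit || echo "Action needed: upgrade the tools flagged above."
```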

Source: https://www.bleepingcomputer.com/news/security/clone2leak-attacks-exploit-git-flaws-to-steal-credentials