Skip to content

Insecure GitHub login! #561

@kuxynator

Description

@kuxynator

On first start you have to login to you GitHub account.
But the login comes not from the standard browser.
https://prnt.sc/8HUPdBzRjiqs
So I do not know from where the page is, looking like GitHub login, nor where the data is sent.
Any fraudulent app uses such data scam page.
I have to entrust my highly sensitive credentials to an unknown/untrusted third-party application? This is not acceptable. (and also not necessary)

Solution:
Open the GitHub authentication request in the default browser. In the trusted default browser, you are already logged in, so no transfer of personal credentials is usually required. This ensures that no third-party application knows the credentials.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or enhancement to existing functionalitypriority:highItems of high importance. Applicable to all users or use-cases

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions