curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: How to stop bearer tokens leaking

From: Patrick Monnerat via curl-library <>
Date: Sat, 6 Nov 2021 02:03:36 +0100

On 11/5/21 16:40, Stephen Booth via curl-library wrote:
> I missed the --oauth-bearer option because I checked the flags on an
> old box  with an old curl version :-)

Your version is more than 8 years old ! :-( You better upgrade, as a lot
of other more serious security problems have been fixed since then.

Please note also that argument obfuscation does not reduce the leakage
risk to 0: there's still a tiny time between the program start and the
info erasure, and it even does not work for some OSes.

Received on 2021-11-06