by nipunn1313
3451 days ago
The OAuth tokens are stored on the client. In order to exploit the suggested privilege escalation, you would need to exploit the client to feed you the OAuth code. If you are exploiting the 1Password client, you can do ANYTHING (including grabbing passwords after you unencrypt, reading filesystem, popping up a PWNED dialog). I don't think this effort should be urgent for 1Password. This recommendation doesn't make me feel meaningfully safer (unless 1Password has some clever process jailing inside their code to isolate the decryption component from the cloud component).