> On 13 Jun 2025, at 18:41, Taras Kloba wrote:
>
> Hi hackers,
>
> I discovered a minor security issue in the OAuth authentication code where
> sensitive bearer tokens are not completely cleared from memory.
>
> ## The Issue
>
> In src/backend/libpq/auth-oauth.c, the oauth_exchange() function
Hi hackers,

I discovered a minor security issue in the OAuth authentication code where
sensitive bearer tokens are not completely cleared from memory.

## The Issue

In src/backend/libpq/auth-oauth.c, the oauth_exchange() function attempts to
clear the bearer token from memory using explicit_bzero