Lee Holmes :donor: on Nostr: Yikes. Postman recently pivoted to store all of your session data (including ...
Yikes. Postman recently pivoted to store all of your session data (including authentication tokens etc.) in their Cloud Service, which you can fully browse and explore in their online tool.
Their security page makes it clear that they have not considered the Okta-style risks associated with this change. If your company has any devs using Postman for production testing, I would strongly recommend Insomnia:
https://insomnia.rest/, and then consider any credentials stored in Postman history to be at risk and rotate them.
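The post says to treat credentials held in Postman as at risk and rotate them; the first practical question is which ones. The script below is an added example, not part of Lee Holmes's post and not Postman's own tooling: it walks exported Postman files (the collection v2.1 JSON and environment JSON that "Export" produces) and lists every auth block, sensitive header and secret-looking variable, separating hardcoded literals from `{{variable}}` references that resolve through an environment. Function names, the `SAMPLE_*` exports and the regexes are assumptions made here; the field layout follows Postman's public export formats as understood by the author of this example.

```python
"""Inventory credentials in exported Postman collection/environment JSON (added example)."""
import json
import re

# Constructed sample exports, not real data. Shapes follow Postman's
# collection v2.1 export and environment export formats (assumption).
SAMPLE_ENVIRONMENT = json.dumps({
    "name": "prod",
    "values": [
        {"key": "base_url", "value": "https://api.example.com", "enabled": True, "type": "default"},
        {"key": "api_token", "value": "tok_live_abc123", "enabled": True, "type": "default"},
        {"key": "unused", "value": "", "enabled": False, "type": "default"},
    ],
})
SAMPLE_COLLECTION = json.dumps({
    "info": {"name": "orders",
             "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"},
    "auth": {"type": "apikey", "apikey": [{"key": "key", "value": "X-Api-Key"},
                                          {"key": "value", "value": "hardcoded-apikey"}]},
    "item": [
        {"name": "list", "request": {"method": "GET", "url": "{{base_url}}/orders",
                                     "header": [{"key": "Authorization", "value": "Bearer {{api_token}}"}]}},
        {"name": "admin", "item": [
            {"name": "delete", "request": {
                "method": "DELETE", "url": "{{base_url}}/orders/1",
                "auth": {"type": "basic", "basic": [{"key": "username", "value": "admin"},
                                                    {"key": "password", "value": "hunter2"}]},
                "header": [{"key": "Cookie", "value": "session=abcd"}]}}]},
    ],
})

PLACEHOLDER_RE = re.compile(r"\{\{[^}]+\}\}")          # {{var}} references
SECRET_KEY_RE = re.compile(r"token|secret|passw|api[_-]?key|auth|cookie|session|bearer", re.I)
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}
# Which parameter of each Postman auth type carries the secret (assumption).
AUTH_SECRET_FIELDS = {
    "bearer": ("token",),
    "basic": ("password",),
    "apikey": ("value",),
    "oauth2": ("accessToken", "refreshToken", "clientSecret"),
}


def finding(source, path, where, value):
    """One credential location; 'literal' is False when the value is a {{variable}} reference."""
    return {"source": source, "path": path, "where": where,
            "value": value, "literal": PLACEHOLDER_RE.search(value) is None}


def scan_environment(text):
    """Secret-looking variables in an exported environment (these are synced to the cloud too)."""
    env = json.loads(text)
    out = []
    for var in env.get("values", []):
        value = str(var.get("value") or "")
        if value and (var.get("type") == "secret" or SECRET_KEY_RE.search(var.get("key", ""))):
            out.append(finding("environment", env.get("name", ""), var["key"], value))
    return out


def _auth_findings(auth, path):
    kind = auth.get("type")
    params = auth.get(kind) if isinstance(auth.get(kind), list) else []
    return [finding("collection", path, f"auth.{kind}.{p['key']}", str(p.get("value")))
            for p in params
            if p.get("key") in AUTH_SECRET_FIELDS.get(kind, ()) and p.get("value")]


def _walk(items, path, out):
    """Recurse through folders and requests, collecting auth blocks and sensitive headers."""
    for item in items:
        item_path = f"{path}/{item.get('name', '')}"
        if "item" in item:                       # folder: may carry its own auth
            if "auth" in item:
                out.extend(_auth_findings(item["auth"], item_path))
            _walk(item["item"], item_path, out)
            continue
        req = item.get("request")
        if not isinstance(req, dict):            # requests can also be plain URL strings
            continue
        if "auth" in req:
            out.extend(_auth_findings(req["auth"], item_path))
        for h in req.get("header") or []:
            if not h.get("disabled") and h.get("key", "").lower() in SENSITIVE_HEADERS and h.get("value"):
                out.append(finding("collection", item_path, f"header.{h['key']}", str(h["value"])))


def scan_collection(text):
    """All credential locations in an exported collection (collection, folder and request level)."""
    col = json.loads(text)
    name = col.get("info", {}).get("name", "")
    out = _auth_findings(col["auth"], name) if "auth" in col else []
    _walk(col.get("item", []), name, out)
    return out


def rotation_list(findings):
    """Hardcoded values to rotate; references are covered by scanning their environment."""
    return [f for f in findings if f["literal"]]


if __name__ == "__main__":
    for f in rotation_list(scan_environment(SAMPLE_ENVIRONMENT) + scan_collection(SAMPLE_COLLECTION)):
        print(f"{f['source']}:{f['path']} {f['where']} = {f['value'][:4]}...")
```

Run it over real exports with `json.load` on each file instead of the samples. Values that are `{{references}}` are not safe by themselves: the environment that resolves them is also stored in the workspace, so the environment scan is what turns those into concrete secrets to rotate. History (past request/response bodies) is not part of the export format and must be reviewed in the app or workspace separately.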
Published at 2023-12-20 18:01:06
Event JSON
{
"id": "05997a0b108f8a9dae0f28e9a12f0b0adda09662b185325ae57bceb5fcb03479",
"pubkey": "ab10fa714c7c404c18da995ba0486a5a2e30e1f0e1effee14e9cc7a541e44e33",
"created_at": 1703095266,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/Lee_Holmes/statuses/111614051361443276",
"activitypub"
]
],
"content": "Yikes. Postman recently pivoted to store all of your session data (including authentication tokens etc.) in their Cloud Service, which you can fully browse and explore in their online tool.\n\nTheir security page makes it clear that they have not considered the Okta-style risks associated with this change. If your company has any devs using Postman for production testing, I would strongly recommend Insomnia: https://insomnia.rest/, and then consider any credentials stored in Postman history to be at risk and should be rotated.\n\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/111/614/036/761/296/971/original/ad271845f4e75671.png",
"sig": "b1eac913323ee882abf70861269190eb233d6c94c390f393a0a2102bc6499ef25a67cd36384d94b4ec54560a06251f1b868eeabc51ff607441bca6c482471bee"
}