Summary
Reddit OAuth credentials from environment variables are used directly in HTTP Basic auth without validation, which could lead to authentication bypass if credentials contain special characters.
Location
.claude/skills/setup-agent-team/reddit-fetch.ts:82-90 — getToken()
Vulnerability
The code constructs HTTP Basic auth by concatenating CLIENT_ID and CLIENT_SECRET with a colon:
const auth = Buffer.from(`${CLIENT_ID}:${CLIENT_SECRET}`).toString("base64");If either credential contains a colon character, the Basic auth encoding is broken (the server will parse the wrong username/password). Additionally, if credentials contain newlines, they could inject headers.
Risk
- Severity: HIGH
- Impact: Authentication bypass or header injection
- Probability: Low (requires malicious env vars)
- Defense-in-depth: Validates the integrity of credential formatting
Recommendation
Add input validation before constructing the auth header:
if (CLIENT_ID.includes(':') || CLIENT_ID.includes('\n') ||
CLIENT_SECRET.includes(':') || CLIENT_SECRET.includes('\n')) {
console.error('Invalid Reddit credentials format');
process.exit(1);
}Context
Filed by automated security scan (2026-04-06)
Summary
Reddit OAuth credentials from environment variables are used directly in HTTP Basic auth without validation, which could lead to authentication bypass if credentials contain special characters.
Location
.claude/skills/setup-agent-team/reddit-fetch.ts:82-90—getToken()Vulnerability
The code constructs HTTP Basic auth by concatenating
CLIENT_IDandCLIENT_SECRETwith a colon:If either credential contains a colon character, the Basic auth encoding is broken (the server will parse the wrong username/password). Additionally, if credentials contain newlines, they could inject headers.
Risk
Recommendation
Add input validation before constructing the auth header:
Context
Filed by automated security scan (2026-04-06)