| शीर्षक | NousResearch hermes-agent <= v2026.4.23 Improper Authentication (CWE-287) |
|---|
| विवरण | # Technical Details
An Authorization Bypass exists in the `_sync_anthropic_entry_from_credentials_file` method in `agent/credential_pool.py` of hermes-agent.
The application fails to properly isolate multi-tenant credentials during pool rotation when a token encounters a rate limit.
# Vulnerable Code
File: agent/credential_pool.py
Method: _sync_anthropic_entry_from_credentials_file
Why: The method blindly reads the global `~/.claude/.credentials.json` file and overrides individual exhausted pool entries, collapsing distinct accounts into one.
# Reproduction
1. Configure `auth.json` with multiple Anthropic `claude_code` tokens and set a specific token in `~/.claude/.credentials.json`.
2. Induce rate limiting (HTTP 429) for the tokens in the pool to trigger exhaustion and rotation.
3. Observe that `_sync_anthropic_entry_from_credentials_file` overwrites each exhausted token with the contents of the global credentials file.
# Impact
- Breaches isolated authorization boundaries, leading to Information Leakage and Authentication Bypass.
- Completely negates failover and rate-limit bypassing functions. |
|---|
| स्रोत | ⚠️ https://gist.github.com/YLChen-007/caf38652afeccbbd53a9d77152b6198d |
|---|
| उपयोगकर्ता | Eric-j (UID 98073) |
|---|
| सबमिशन | 07/05/2026 03:45 PM (29 दिन पहले) |
|---|
| संयम | 01/06/2026 03:28 PM (25 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367645 [NousResearch hermes-agent तक 2026.4.23 Credential Pool Synchronization agent/credential_pool.py _sync_anthropic_entry_from_credentials_file कमजोर प्रमाणीकरण] |
|---|
| अंक | 20 |
|---|