Skip to content

[BUG] cortex login Token Stored with Overly Permissive File Permissions #707

New issue
New issue
Open
Open
[BUG] cortex login Token Stored with Overly Permissive File Permissions#707
Labels
bugSomething isn't working
@EnthusiasticTech

Description

@EnthusiasticTech
EnthusiasticTech
opened on Jan 23, 2026

Project

cortex

Description

The authentication token file is created with 0644 permissions (world-readable) instead of 0600.

Error Message



Debug Logs




System Information


Bounty Version: 0.1.0
OS: Ubuntu 24.04 LTS
CPU: AMD EPYC-Genoa Processor (8 cores)
RAM: 15 GB


Screenshots


No response


Steps to Reproduce


cortex login
ls -la ~/.config/cortex/credentials
# -rw-r--r-- (644) instead of -rw------- (600)


Expected Behavior


Credentials file should have 0600 permissions (owner read/write only).


Actual Behavior


File is world-readable, exposing tokens.


Additional Context


No response
Metadata
Metadata
Assignees
No one assigned
    Labels
    bugSomething isn't working
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions