Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The documentation explicitly instructs users to pass BDUSS, STOKEN, and full cookie values directly on the command line. Command-line arguments are commonly exposed through shell history, process listings, logs, screenshots, and telemetry, so this can leak active session credentials and enable account takeover.
