GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

Authorization vulnerability using FastAuth

Using FastAuth, one could go from API authentication (which has limited scope, blocking changing password for example) to Session authentication (which can do everything).

Possible solution: Add a password confirmation or a secondary pasword (pin code ?) for FastAuth token validation.

Admin message

Authorization vulnerability using FastAuth