This repository has been archived by the owner on Jan 4, 2024. It is now read-only.
The ticket that is returned by authenticate when it is successful (UUID) is used by the client as a token. This code never checks the ticket, therefore any client can send data to this server and it will accept that data as 'real' without any validation.
I understand that this project is not actively worked on, but wanted to share this here in case anyone comes by and wants to use this. I would consider this a pretty big security vulnerability, and would not use this without fixing this issue.
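The missing check described in this issue, as an added example that is not code from this repository: a server-side store that remembers which tickets authenticate issued, and a data handler that rejects anything without a live ticket. The names `TicketStore`, `handle_data_unchecked`, `handle_data_checked`, the message fields and the 300-second lifetime are all assumptions made for illustration.

```python
import time
import uuid


class TicketStore:
    """Server-side record of tickets handed out by a successful authenticate."""

    def __init__(self, ttl=300, clock=time.monotonic):
        self._ttl = ttl          # assumed lifetime; the issue does not give one
        self._clock = clock
        self._tickets = {}       # ticket -> (username, expiry time)

    def issue(self, username):
        ticket = str(uuid.uuid4())   # random UUID, as the issue describes
        self._tickets[ticket] = (username, self._clock() + self._ttl)
        return ticket

    def validate(self, ticket):
        """Return the username bound to the ticket, or None if unknown or expired."""
        if not isinstance(ticket, str):
            return None
        entry = self._tickets.get(ticket)
        if entry is None:
            return None
        username, expiry = entry
        if self._clock() >= expiry:
            del self._tickets[ticket]    # drop expired tickets on first use
            return None
        return username


def handle_data_unchecked(store, message):
    # Behaviour reported in the issue: the ticket field is ignored entirely.
    return {"accepted": True, "user": message.get("user")}


def handle_data_checked(store, message):
    user = store.validate(message.get("ticket"))
    if user is None:
        return {"accepted": False, "user": None}
    # Identity comes from the server's own record, not from the client's claim.
    return {"accepted": True, "user": user}


if __name__ == "__main__":
    store = TicketStore()
    ticket = store.issue("alice")    # constructed sample user
    print(handle_data_checked(store, {"ticket": ticket, "user": "someone-else"}))
    print(handle_data_checked(store, {"ticket": "made-up", "user": "alice"}))
```

The checked handler takes the user from the stored ticket record, so a client cannot claim another identity by editing its own message.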