Unauthenticated Public RestAPI Endpoint #291
Comments
brothercorvo
added
the
bug_Normal
naman108
added a commit
that referenced
this issue
Feb 17, 2022
|
fixed in 1.9.8.5 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the RestAPI there is also the Endpoint /ManageRoute/postRoute which is unauthenticated. While this might not seem interesting at first, it is possible to broadcast new routes (suggested tracks to take) to every End User Device (EUD) connected to the server. This can create two issues, either create a Denial of Service situation where a malicious user can fill the entire map with routes, making it impossible to use the map in the EUD. The second scenario might be to create a route on which possible users might take and therefor control some of the paths and direct users into bad situations.
The text was updated successfully, but these errors were encountered: