Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

API and Websocket Keys Leakage #26

Open
Securitybits-io opened this issue Feb 16, 2022 · 0 comments
Open

API and Websocket Keys Leakage #26

Securitybits-io opened this issue Feb 16, 2022 · 0 comments
Labels
bug Something isn't working
Milestone

Comments

@Securitybits-io
Copy link

The WebUI leaks the RestAPI and Websocket tokens in the javascript source code! These should not be reflected back to the user as that can lead to unintended requests through for example XSS.

API Bearer Token

SourceCode_RestAPI-key

Websocket Token

SourceCode_WebSocket-key

@brothercorvo brothercorvo added the bug Something isn't working label Apr 9, 2022
@brothercorvo brothercorvo added this to the 2.2 milestone Dec 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants