When creating the HttpClientHandler for fetching the WSDL and any included schema files, HttpClientHandler.Credentials is set to CredentialCache.DefaultCredentials. We shouldn't set this by default, and instead should have a command line parameter to specify using default credentials.
As per documentation, dotnet-svcutil should only be used with WSDL URLs that you trust, so this isn't considered a security bug. It is a defense-in-depth improvement.
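
The change requested above, sketched as an added example (not dotnet-svcutil's own code): the always-authenticating handler next to an opt-in version. The switch name `--use-default-credentials` and the `MetadataFetcher` class are hypothetical, chosen only for this illustration.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

static class MetadataFetcher
{
    // Hypothetical switch name; the issue does not name the parameter.
    const string OptInSwitch = "--use-default-credentials";

    // Behaviour described in the issue: the ambient identity of the logged-on
    // user is available to every server that issues an authentication challenge.
    static HttpClientHandler CreateHandlerAlwaysAuthenticating() =>
        new HttpClientHandler { Credentials = CredentialCache.DefaultCredentials };

    // Requested behaviour: requests are anonymous unless the caller opts in.
    static HttpClientHandler CreateHandler(bool useDefaultCredentials)
    {
        var handler = new HttpClientHandler();
        if (useDefaultCredentials)
            handler.Credentials = CredentialCache.DefaultCredentials;
        return handler;
    }

    static async Task<int> Main(string[] args)
    {
        bool optIn = args.Contains(OptInSwitch, StringComparer.OrdinalIgnoreCase);
        var url = args.FirstOrDefault(a => !a.StartsWith("--"));
        if (url is null)
        {
            Console.Error.WriteLine($"usage: fetch <metadata-url> [{OptInSwitch}]");
            return 1;
        }

        // The same handler is reused for the WSDL and any schema files it
        // includes, so the opt-in decision covers every follow-up request.
        using var handler = CreateHandler(optIn);
        using var client = new HttpClient(handler);
        using var response = await client.GetAsync(url);
        Console.WriteLine($"{(int)response.StatusCode} (default credentials: {optIn})");
        return response.IsSuccessStatusCode ? 0 : 2;
    }
}
```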