Describe the bug
Major security bug in CaptureTypeService.findFilter(String url_suffix). If the user specifies a non-existent url_suffix, a null filter will be returned. This is effectively the same as selecting the "all" capture type. Obviously, this is a major security hole.
To Reproduce
Call the API's /api/capture/{type} with any non-registered url_suffix.
Expected behavior
This should cause an error to be returned by the API.
Screenshots
N/A
Desktop (please complete the following information):
Any
Smartphone (please complete the following information):
Any
Additional context
It should be noted that this only affects authenticated users. So an unauthenticated user can't capture packets. But this does let authenticated users capture any type of packet very easily.
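A fail-closed version of the lookup described in this report, shown beside the fail-open behaviour, as an added Java example that is not the project's code. Only the `findFilter(String url_suffix)` name comes from the report; the class name, the registry contents and the filter strings are assumptions.

```java
import java.util.Map;
import java.util.NoSuchElementException;

// Added illustration; not the project's code. Registry contents are constructed.
public class CaptureTypeLookupExample {
    // Hypothetical registry: url_suffix -> capture filter expression.
    // "all" is the only entry allowed to mean "no filtering".
    private static final Map<String, String> FILTERS = Map.of(
            "all", "",
            "dns", "udp port 53",
            "http", "tcp port 80");

    // Behaviour described in the report: an unknown suffix yields null,
    // which a caller treating null as "no filter" handles like "all".
    static String findFilterFailOpen(String urlSuffix) {
        return FILTERS.get(urlSuffix);
    }

    // Fail-closed variant: an unknown or missing suffix is an error, so the
    // API layer can return an error instead of starting a capture.
    static String findFilter(String urlSuffix) {
        if (urlSuffix == null || !FILTERS.containsKey(urlSuffix)) {
            throw new NoSuchElementException("unknown capture type: " + urlSuffix);
        }
        return FILTERS.get(urlSuffix);
    }

    public static void main(String[] args) {
        String bogus = "not-a-registered-type"; // constructed input
        System.out.println("fail-open:   " + findFilterFailOpen(bogus));
        try {
            findFilter(bogus);
        } catch (NoSuchElementException e) {
            System.out.println("fail-closed: rejected (" + e.getMessage() + ")");
        }
        System.out.println("dns -> " + findFilter("dns"));
    }
}
```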