Semisol on Nostr: LNbits has no interest in fixing vulnerabilities. They have postponed fixes for all ...
LNbits has no interest in fixing vulnerabilities. They have
postponed fixes for all reports I have made before (an SQLi
vulnerability for a few months, and a few weeks for improper access
control on SatsDice that was most likely why Super Testnet's wallet got
drained) and have called me a "FUDer" for posting a link to the
vulnerability report (only visible to logged in collaborators) in the
chat to inform developers that I filed a report.

I have no other choice. The validation of this vulnerability was done with the permission of the operators of said instances.
Published at 2024-04-28 19:52:43
Event JSON
{
"id": "fce6a3b2b58b519f9af34f829ffab37a6cc955a8005551356b43cb0fd946de33",
"pubkey": "52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd",
"created_at": 1714333963,
"kind": 1,
"tags": [],
"content": "LNbits has no interest in fixing vulnerabilities. They have \npostponed fixes for all reports I have made before (an SQLi \nvulnerability for a few months, and a few weeks for improper access \ncontrol on SatsDice that was most likely why Super Testnet's wallet got \ndrained) and have called me a \"FUDer\" for posting a link to the \nvulnerability report (only visible to logged in collaborators) in the \nchat to inform developers that I filed a report.\n\nI have no other choice. The validation of this vulnerability was done with the permission of the operators of said instances.\n\nhttps://i.nostr.build/J6B7l.png",
"sig": "b8728f1b393874767f838ac12d7504381b83359402431746cc22c13deb979ecb0986d97c1ee635618d25c76e32aacd1c77f851948f888f37e06be3ce5b710c36"
}