secDevLabs
[A1] - Broken Access Control - Camplake-API
This solution refers to which of the apps?
[A1] - Broken Access Control - Camplake-API
What did you do to mitigate the vulnerability?
Adding signature validation to the incoming user's token.
Did you test your changes? What commands did you run?
The attack narrative did not work anymore.
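One way to implement the signature check the description above refers to, shown as an added example rather than Camplake-API's own code: it uses only the Go standard library, and the HS256 secret, the `Claims` shape and the `exp` field are assumptions. `ParseUnverified` is the weak pattern (claims decoded without checking the signature, so a client can rewrite them); `ParseVerified` pins the algorithm, checks the HMAC in constant time and returns every error instead of discarding it, which is also the kind of defect the "Missing error check" alerts below point at.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claims is the payload shape assumed for this example.
type Claims struct {
	User string `json:"user"`
	Exp  int64  `json:"exp"`
}

// signingKey is a constructed example secret; a real service loads it from
// configuration rather than a source literal.
var signingKey = []byte("example-secret-do-not-use")

// JWTs use unpadded base64url for all three segments.
var b64 = base64.RawURLEncoding

// SignHS256 builds a compact token: header.payload.signature.
func SignHS256(claims Claims, key []byte) (string, error) {
	header := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := header + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil)), nil
}

// ParseUnverified decodes claims WITHOUT checking the signature: the weak
// pattern, since any client can mint a token with whatever claims it likes.
func ParseUnverified(token string) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	return c, json.Unmarshal(payload, &c)
}

// ParseVerified trusts no claim until the algorithm and signature have been
// checked, and surfaces every error rather than ignoring it.
func ParseVerified(token string, key []byte, now int64) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	headerJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return c, fmt.Errorf("bad header: %w", err)
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(headerJSON, &header); err != nil {
		return c, fmt.Errorf("bad header: %w", err)
	}
	// Pin the algorithm: "none" or anything unexpected is rejected outright.
	if header.Alg != "HS256" {
		return c, fmt.Errorf("unexpected alg %q", header.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return c, fmt.Errorf("bad signature encoding: %w", err)
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	// Constant-time comparison, so the check leaks nothing about partial matches.
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return c, errors.New("invalid signature")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return c, fmt.Errorf("bad payload: %w", err)
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, fmt.Errorf("bad claims: %w", err)
	}
	if c.Exp != 0 && now >= c.Exp {
		return c, errors.New("token expired")
	}
	return c, nil
}

func main() {
	tok, err := SignHS256(Claims{User: "alice", Exp: 2000000000}, signingKey)
	if err != nil {
		fmt.Println("sign:", err)
		return
	}
	// Constructed forgery: swap the payload, keep the original signature.
	parts := strings.Split(tok, ".")
	parts[1] = b64.EncodeToString([]byte(`{"user":"admin","exp":2000000000}`))
	forged := strings.Join(parts, ".")
	c, _ := ParseUnverified(forged)
	fmt.Println("unverified parse trusts forged claims for user:", c.User)
	_, err = ParseVerified(forged, signingKey, 1700000000)
	fmt.Println("verified parse:", err)
}
```

The `now` parameter is passed in rather than read from the clock so the expiry path is testable; in a handler you would pass `time.Now().Unix()`.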
This pull request introduces 2 alerts when merging c668fa0e0ee9e2e0678efd30d8cc59211fd8dfe4 into 46a89c9f83781ddc61daf6dd46d6811f509e155b - view on LGTM.com
new alerts:
- 2 for Missing error check
Hey @vitor-mauricio, you fixed the vulnerability for this exercise. @InesCardinot gave you an alert about hardcoded credentials; this won't be part of the exercise, but if you know how to fix those two, I'll give you a bonus point! 😄