Semisol 👨💻 on Nostr: LNbits has no interest in fixing vulnerabilities. They have postponed fixes for all ...
LNbits has no interest in fixing vulnerabilities. They have
postponed fixes for all reports I have made before (an SQLi
vulnerability for a few months, and a few weeks for improper access
control on SatsDice that was most likely why Super Testnet's wallet got
drained) and have called me a "FUDer" for posting a link to the
vulnerability report (only visible to logged-in collaborators) in the
chat to inform developers that I filed a report.
I have no other choice. The validation of this vulnerability was done with the permission of the operators of said instances.