What is Nostr?
SUPERMAX
npub14cg…qjhl
2024-05-17 18:26:09
in reply to nevent1q…tyuf

SUPERMAX on Nostr: Anyone wanting to dive deeper into #LNBits extension issues, here you go (I too am ...

Anyone wanting to dive deeper into #LNBits extension issues, here you go (I too am diving deeper)

LNbits has no interest in fixing vulnerabilities. They have
postponed fixes for all reports I have made before (an SQLi
vulnerability for a few months, and a few weeks for improper access
control on SatsDice that was most likely why Super Testnet's wallet got
drained) and have called me a "FUDer" for posting a link to the
vulnerability report (only visible to logged in collaborators) in the
chat to inform developers that I filed a report.

I have no other choice. The validation of this vulnerability was done with the permission of the operators of said instances.

Author Public Key
npub14cgq353exzmhdsvqjtmw4dq7fvyleuls8umyrvd5umhr4gtx6asq7hqjhl