SUPERMAX on Nostr: Anyone wanting to dive deeper into #LNBits extension issues, here you go (I too am ...
Anyone wanting to dive deeper into #LNBits extension issues, here you go (I too am diving deeper)
quoting nevent1q…rd2p
LNbits has no interest in fixing vulnerabilities. They have
postponed fixes for all reports I have made before (an SQLi
vulnerability for a few months, and a few weeks for improper access
control on SatsDice that was most likely why Super Testnet's wallet got
drained) and have called me a "FUDer" for posting a link to the
vulnerability report (only visible to logged-in collaborators) in the
chat to inform developers that I filed a report.
I have no other choice. The validation of this vulnerability was done with the permission of the operators of said instances.