Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

All user input encryption ends with "="! #8

Open
spencerthayer opened this issue Dec 2, 2016 · 0 comments
Open

All user input encryption ends with "="! #8

spencerthayer opened this issue Dec 2, 2016 · 0 comments
Assignees
@spencerthayer @rbarghou
Labels
bug help wanted

Comments

@spencerthayer
Copy link
Owner

I think I just discovered a significant vulnerability with TorchNoteJS. All user entries end with a =.

This doesn't suggest that communications are not securely encrypted but rather this makes bot obfuscation irrelevant as a sophisticated attacker could ignore any line that doesn't end with a =.

Proposed solutions:

  • Add a = to the end of generated bot obfuscations.
  • Determine why ever user input ends with =.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spencerthayer spencerthayer

@rbarghou rbarghou

Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@spencerthayer @rbarghou