v23/security: potential security bug
cosnicolaou opened this issue · comments
Cosmos Nicolaou commented
v23/security.EndpointAuthorizer currently authorizes an endpoint that has no blessings associated with it. If there are blessings associated with an endpoint, then those blessings are validated appropriately. This is a potential security bug since it allows a server which includes no blessings in its endpoint information to masquerade as one that has validated and matching blessings.
Cosmos Nicolaou commented
Closed by #242
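The fail-open pattern reported in this issue, next to a fail-closed check, as an added example that is not the project's code and not necessarily what #242 changed. The `Endpoint` type, both function names, the exact-match comparison and the sample blessing names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Endpoint is a hypothetical stand-in: the blessing names a server lists in its endpoint.
type Endpoint struct{ BlessingNames []string }

var ErrNotAuthorized = errors.New("remote blessings do not match endpoint")

// matches uses exact-name comparison, a simplification assumed for this example.
func matches(ep Endpoint, remote []string) bool {
	for _, want := range ep.BlessingNames {
		for _, got := range remote {
			if want == got {
				return true
			}
		}
	}
	return false
}

// AuthorizeFailOpen models the reported behaviour: an endpoint that lists
// no blessings is authorized without any comparison being made.
func AuthorizeFailOpen(ep Endpoint, remote []string) error {
	if len(ep.BlessingNames) == 0 || matches(ep, remote) {
		return nil
	}
	return ErrNotAuthorized
}

// AuthorizeFailClosed rejects an endpoint that lists no blessings, so the
// absence of a claim can never count as a successful match.
func AuthorizeFailClosed(ep Endpoint, remote []string) error {
	if len(ep.BlessingNames) == 0 || !matches(ep, remote) {
		return ErrNotAuthorized
	}
	return nil
}

func main() {
	bare := Endpoint{}                        // constructed sample: endpoint with no blessings
	remote := []string{"dev.example:mallory"} // constructed sample: the remote's validated blessings
	fmt.Println("fail-open:  ", AuthorizeFailOpen(bare, remote))
	fmt.Println("fail-closed:", AuthorizeFailClosed(bare, remote))
}
```

A caller that legitimately needs to reach endpoints without blessings would have to opt in to that explicitly rather than inherit it from the default authorizer.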