GHSA-f28g-86hc-823q: Tokenizer vulnerable to client brute-force of token secrets

Impact

Authorized clients, having an inject_processor secret, could brute-force the secret token value by abusing the fmt parameter to the Proxy-Tokenizer header.

Patches

This was fixed in https://github.com/superfly/tokenizer/pull/8 and further mitigated in https://github.com/superfly/tokenizer/pull/9.

Moderate severity • GitHub Reviewed • Published Jul 13, 2023 in superfly/tokenizer • Updated Jul 13, 2023
