Description
Tokenizer vulnerable to client brute-force of token secrets
Impact
Authorized clients that hold an inject_processor secret could brute-force the secret token value by abusing the fmt parameter of the Proxy-Tokenizer header.
Patches
This was fixed in https://github.com/superfly/tokenizer/pull/8 and further mitigated in https://github.com/superfly/tokenizer/pull/9.
Packages
Name: github.com/superfly/tokenizer (go)
Affected versions: < 0.0.1
Fixed version: 0.0.1