robeden / intrepid / issues / #5 - SessionInit can be bypassed — Bitbucket

Issue #5 resolved

Rob Eden repo owner created an issue 2016-09-22

A malicious client can bypass the SessionInit message and send other messages immediately, including invocations. Invocations in this state wouldn't have user context associated with them, which could be a privilege escalation in some circumstances.

Comments (2)

Rob Eden reporter
Will be fixed in 1.6.3
- 2016-09-26T14:24:01+00:00
Rob Eden reporter
- changed status to resolved
Fixed in 5056ea6. Released in 1.6.3.
- 2016-09-26T14:32:32+00:00
Log in to comment

Assignee: Rob Eden

Type: bug

Priority: blocker

Status: resolved

Version: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!