Currently, MTM is using auto-increment integers for individual decisions. If an attacker gains a mechanism to inject decisions into MTM, he could easily enumerate the most probable IDs and cause a server to be trusted that should not.
A fix would be to change auto-incremented integers to UUID.randomUUID().
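One way to apply the fix proposed above, as an added example that is not part of the original issue and is not MTM's own code: a registry of open decisions keyed by `UUID.randomUUID()`, shown beside the sequential pattern the issue describes. The class, method and enum names are hypothetical, and the single-use removal in `resolve` is an extra hardening step beyond what the issue asks for.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical decision registry; class and method names are illustrative, not MTM's.
public class DecisionRegistry {
    public enum Answer { TRUST_ONCE, TRUST_ALWAYS, ABORT }

    // Before: the pattern the issue describes. IDs are 1, 2, 3, ... so the ID
    // of the currently open decision can be predicted from any earlier one.
    static final class SequentialIds {
        private final AtomicInteger last = new AtomicInteger();
        int next() { return last.incrementAndGet(); }
    }

    // After: open decisions keyed by UUID.randomUUID() (version 4, 122 random bits).
    private final Map<UUID, CompletableFuture<Answer>> open = new ConcurrentHashMap<>();

    // Registers the waiter and returns the ID to embed in the prompt sent to the UI.
    public UUID create(CompletableFuture<Answer> waiter) {
        UUID id = UUID.randomUUID();
        open.put(id, waiter);
        return id;
    }

    // Accepts an answer only for an ID that is open right now, and only once.
    public boolean resolve(String rawId, Answer answer) {
        if (rawId == null || answer == null) return false;
        final UUID id;
        try {
            id = UUID.fromString(rawId);
        } catch (IllegalArgumentException e) {
            return false; // not a UUID at all, e.g. a guessed integer
        }
        CompletableFuture<Answer> waiter = open.remove(id); // atomic single use
        return waiter != null && waiter.complete(answer);
    }

    public static void main(String[] args) {
        SequentialIds seq = new SequentialIds();
        System.out.println("sequential IDs: " + seq.next() + ", " + seq.next());
        DecisionRegistry reg = new DecisionRegistry();
        UUID id = reg.create(new CompletableFuture<>());
        System.out.println("guessed integer: " + reg.resolve("2", Answer.TRUST_ALWAYS));
        System.out.println("guessed UUID:    " + reg.resolve(UUID.randomUUID().toString(), Answer.TRUST_ALWAYS));
        System.out.println("real ID:         " + reg.resolve(id.toString(), Answer.ABORT));
        System.out.println("replayed ID:     " + reg.resolve(id.toString(), Answer.TRUST_ALWAYS));
    }
}
```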