[ot][spam][crazy][puzzle?][spam][crazy]
Undescribed Horrific Abuse, One Victim & Survivor of Many
gmkarl at gmail.com
Thu Jul 20 12:28:34 PDT 2023
let's try guessing with division
-----------
how to figure out whether akash providers are vulnerable to very
simple falsified certificates, providing for logging in as
this might be the client code for logging in with a shell:
https://github.com/akash-network/provider/blob/44c85af39a56a43830efbdcbe7a2fd83c1d9776b/gateway/rest/client_shell.go
the question is, do the servers let anyone log in with a shell by
failing to authenticate certificates?
_ideally_ we would figure out how to check this by inspection first,
and then could verify it using test code after the inspection. so far,
i haven't found by inspection where the certificate is validated.
More information about the cypherpunks
mailing list