FlutterFlow / flutterflow-issues

A community issue tracker for FlutterFlow.

3 major vulnerabilities have been detected: BREACH, LUCKY13, TLS_FALLBACK_SCSV #3344

Open benjaminathlan opened 3 months ago

benjaminathlan commented 3 months ago

Can we access your project?

Current Behavior

Hello,

We performed a pentest for a web app that is hosted by FF.

2 major vulnerabilities have been detected:

BREACH, LUCKY13, TLS_FALLBACK_SCSV


Expected Behavior

No breach

Steps to Reproduce

  1. Go to: https://hackertarget.com/ssl-check/
  2. Check portal.becauseyolo.io

Reproducible from Blank

Bug Report Code (Required)

-

Visual documentation


Environment

- FlutterFlow version: 4.1.65+
- Platform: macOS
- Browser name and version: Arc
- Operating system and version affected: -

Additional Information

Pentest available on demand

Alezanello commented 3 months ago

Hello!

Thank you for bringing this to our attention.

I will forward this to the engineering team for a deeper investigation to find a solution and prevent this from happening in the future.

Thank you very much for alerting us to this issue!

Best regards,
Azanello

leighajarett commented 2 months ago

Thanks so much for flagging this! We are working on it.

benjaminathlan commented 2 months ago

Hi @leighajarett, do you have any news on this?

Thanks so much.