search

Githubuser60 / famed-demo

0 stars 0 forks source link

Found an insecure gRPC server without 'grpc.Creds()' or options with credentials. This allows for a connection without encryption to this server. A malicious attacker could tamper with the gRPC message, which could compromise the machine. Include credentials derived from an SSL certificate in order to create a secure gRPC connection. You can create credentials using 'credentials.NewServerTLSFromFile("cert.pem", "cert.key")'. #17

Open get-famed[bot] opened 1 year ago

get-famed[bot] commented 1 year ago

πŸ¦Έβ€β™€οΈ Famed Scanner

πŸ“ Description

Found an insecure gRPC server without 'grpc.Creds()' or options with credentials. This allows for a connection without encryption to this server. A malicious attacker could tamper with the gRPC message, which could compromise the machine. Include credentials derived from an SSL certificate in order to create a secure gRPC connection. You can create credentials using 'credentials.NewServerTLSFromFile("cert.pem", "cert.key")'.

πŸ“ Related files

grpc_server.go

This issue was created by famed πŸ€–

get-famed[bot] commented 1 year ago

πŸ€– Assignees for issue Found an insecure gRPC server without 'grpc.Creds()' or options with credentials. This allows for a connection without encryption to this server. A malicious attacker could tamper with the gRPC message, which could compromise the machine. Include credentials derived from an SSL certificate in order to create a secure gRPC connection. You can create credentials using 'credentials.NewServerTLSFromFile("cert.pem", "cert.key")'. #17 are now eligible to Get Famed.

❌ Add assignees to track contribution times of the issue πŸ¦Έβ€β™€οΈπŸ¦ΉοΈ ❌ Add a single severity (CVSS) label to compute the score 🏷️️

Happy hacking! πŸ¦ΎπŸ’™β€οΈοΈ