Closed td00 closed 1 week ago
Thanks for the report @td00! Good suggestion. Any queries involving the Attendee ID will always include the event ID, and there's a rate limit in place, so it makes enumeration a little tricky. But it's not impossible, so I'll update the public ID to use a longer more secure string. Cheers!
Describe the bug The QR Code only contains the main Order Number and an increasing number (i.e. FOOBA-1). This can be enumarated fairly easily and should be considered insecure
To Reproduce Steps to reproduce the behavior:
Expected behavior Use some unique secure random string
Screenshots If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Hi.Events Version and platform demo instance
Logs Add any relevant error logs
Additional context Add any other context about the problem here.