Open utterances-bot opened 3 years ago
What could possibly be the reason for this implementation? I mean, why encrypt it this way in the first place? Assuming it would be transmitted over HTTPS anyway. Remnants of the legacy non-HTTPS era?
It uses SubtleCrypto, which is fairly new - so I don't think it is legacy at all.
No idea why though. It is like adding a captcha and having a "Bypass Captcha" option alongside.
Amazon Order History Encryption Bypass · Abhay Rana
https://captnemo.in/blog/2021/05/14/amazon-website-order-drm/