Open joernNNN opened 2 weeks ago
Hi @joernNNN,
We are not sure about this one yet. So could you start by writing a fingerprinting plugin for code-server? If so, please open a new issue and I will accept it.
~tooryx
Hey @tooryx, for fingerprinting plugins the bounty amount doesn't interest me. Could you please prioritize my other pending PRP instead until your team settles on this PRP? Here is the link for your reference: https://github.com/google/tsunami-security-scanner-plugins/issues/510.
My second PRP:
In the code-server configuration, password authentication can be disabled, according to this part of the document: https://coder.com/docs/code-server/guide#port-forwarding-via-ssh
Since this is an IDE, I believe, similar to GoCD, that the misconfiguration can be confirmed with the help of a Tsunami callback server.