nayzo / NzoUrlEncryptorBundle

Symfony Bundle used to Encrypt and Decrypt data and variables in the Web application
MIT License
89 stars 19 forks

Set up a security policy #40

Closed Techbrunch closed 4 years ago

Techbrunch commented 4 years ago

Hello @nayzo,

I would like to report a security issue with this library but no security policy was defined for the project.

Could you add one: https://github.com/nayzo/NzoUrlEncryptorBundle/security/policy

So that I can report the issue through the right channel.

In the meantime, I would advise against using this library.

Thanks

nayzo commented 4 years ago

Hello @Techbrunch,

You can report the security issue at: contact [@] alakhefifi [.] com

Thank you in advance.

nayzo commented 4 years ago

No security issue detected; as far as using the bundle, there is no way to decrypt the encrypted text without using the bundle itself! From an encrypted text you cannot get the original text without using the bundle (which is the whole purpose of the bundle). You may have found a glitch, but it has no effect on the equation and what is mentioned above! Thank you anyway. Closing this issue.

Techbrunch commented 4 years ago

There are actually multiple critical issues with this library. If @nayzo does not contact me, I'll make them public.

nayzo commented 4 years ago

Email sent, I see the problem. I pushed the fix. Thanks @Techbrunch