tnat.dev
@tnat.dev
Reposted
This writeup on a signature bypass vulnerability does a good job of calling out some design red flags, but I want to point out a major one.

If you need to extract a signature out of a message, you MUST NEVER then operate on the original message.

Many applications and protocols get this wrong.
A Signature Verification Bypass in Nuclei (CVE-2024-43405) | Wiz Blog
Wiz's engineering team discovered a high-severity signature verification bypass in Nuclei which could potentially lead to arbitrary code execution.
www.wiz.io
January 5, 2025 at 9:10 PM
Reposted
If you want to clean up old GitHub Actions workflow runs, this post is really handy: blog.oddbit.com/post/2022-09...

Extra tips: to do a dry run: gist.github.com/veekaybee/6c...

and you can also override the limit
delete_workflows.md
gist.github.com
January 1, 2025 at 2:29 PM