There is at lease one vulnerability in the demo: looks like dev or something is ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		obituary_latte on Sept 9, 2019 \| parent \| context \| favorite \| on: Firefly III – Self-hosted financial manager There is at lease one vulnerability in the demo: looks like dev or something is on in the framework. Sending bad input in at least one place exposes debug info with db/api credentials along with other sensitive info. Email in my profile if more detail needed. https://postimg.cc/gallery/2chl5bji2/ Edit: sent email with details to listed address on landing page.

JC5 on Sept 9, 2019 | [–]

Yep, I saw that. Thanks a lot for letting me know. I'm resetting credentials and setting up the DB again. Cheers.

ceejayoz on Sept 9, 2019 | [–]

Oooh, yeah. `APP_DEBUG=true` is set for the Laravel app.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact