this post was submitted on 17 Jul 2023
Asklemmy
But the fundamental vulnerability is not in the UI; by that logic you could just run your own UI and get into servers without issue. The vulnerability is always in either the server software or in the specific deployment.
The vulnerability was in the UI.
Again, that makes no sense whatsoever; by that logic anyone can just merrily wreak havoc by using a client specially made to have vulnerabilities.
It was a CSRF issue. The vulnerability isn’t on the attacker’s side, it’s on the user’s side. I’m telling you this as the owner of the instance. I’m sorry, but you are wrong here.