sbrl/systemquery
1
0
Fork 0
Code Issues Pull requests Releases Activity

Connection: oops, we're vulnerable to a replay attack

Browse source
This commit is contained in:
Starbeamrainbowlabs 2022-02-09 03:03:45 +00:00
parent 3bdbad150c
commit 97da517a0e
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/lib/transport/Connection.mjs
View file

@ -177,6 +177,9 @@ class Connection extends EventEmitter {
// TODO: Consider anonymous TLS, with jpake for mututal authentication
// TODO: Consider https://devdocs.io/node/crypto#crypto.createCipheriv() - which lets us use any openssl ciphers we like - e.g. ChaCha20-Poly1305
// TODO: We're currently vulnerable to a replay attack. We need to mitigate this somehow.
let payload = JSON.stringify({ event, message });
payload = encrypt_bytes(
this.session_key,