colloqi/pisignage-server

Bypass of Paid Services via Information Leak

stormvansoldt opened this issue · 0 comments

There is a flaw in the design of the licensing system that allows end users to generate their own valid (paid) licenses, effectively bypassing the subscription model for using PiSignage. The method seems to affect all players regardless of which server they are connecting to.

I do believe there is a way this can be effectively mitigated, and I'm in the process of testing some of my theories. For obvious reasons, I don't want to give more details about it here on a public GitHub page.

I'd be happy to provide more details in private. If you're interested, please feel free to shoot me an email to discuss it further: svansoldt@blackmor.biz