API doesn't properly verify the TLS fingerprint
Closed this issue · 3 comments
fortuna commented
The API checks the fingerprint on a test request in the constructor, but doesn't check the fingerprint in the actual requests, so they are not protected. You should validate the fingerprint on every request.
fortuna commented
This Node.js library had the same issue, and this is how they fixed it: murka/outlinevpn-api@1b6cbfc
jadolg commented
Released in version 3.0.0