nayzo/NzoUrlEncryptorBundle

Set up a security policy

Closed this issue · 4 comments

Hello @nayzo,

I would like to report a security issue with this library but no security policy was defined for the project.

Could you add one: https://github.com/nayzo/NzoUrlEncryptorBundle/security/policy

So that I can report the issue through the right channel.

In the meantime I would advise against using this library.

Thanks

nayzo commented

Hello @Techbrunch,

You can report the security issue at: contact [@] alakhefifi [.] com
Thank you in advance.

nayzo commented

No security issue detected; as far as using the bundle, there is no way to decrypt the encrypted text without using the bundle itself!
From an encrypted text you cannot get the original text without using the bundle (which is the whole purpose of the bundle).
You may have found a glitch but it has no effect on the equation and what is mentioned above!
Thank you anyway.
Closing this issue.

There are actually multiple critical issues with this library. If @nayzo does not contact me, I'll make them public.

nayzo commented

Email sent, I see the problem. I pushed the fix.
Thanks @Techbrunch