Yavook.de/kiwi-vpn
1
0
Fork 1
Code Issues Pull requests Projects Releases Wiki Activity

possible security flaw

Browse source
This commit is contained in:
Jörn-Michael Miehe 2022-03-29 16:12:29 +00:00
parent 617ae92d72
commit 5990577699
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
api/kiwi_vpn_api/routers/_common.py
View file

@ -84,7 +84,8 @@ async def get_current_user_if_exists(
# fail if not requested by a user
if current_user is None:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND)
# don't use error 404 here: possible user enumeration
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
return current_user