Rafael – WindowsTechs.com

Is openssl enc safe enough for securing a Bitcoin recovery phrase?

Posted on October 21, 2023 by Rafael

Is openssl enc considered secure enough to protect a bitcoin recovery passphrase?
An attacker might get the encrypted text and invest several thousand dollars in computing power trying to decrypt it.
The password is about 15 characters lon… Continue reading Is openssl enc safe enough for securing a Bitcoin recovery phrase?→

Checking if an arbitrary file exists on the server can be considered Path Traversal?

Posted on April 14, 2023 by Rafael

I ran a SAST Analysis on a project I’m working on and the tool reports the following snippet as a Relative Path Traversal vulnerability (CWE-23):
[Authorize]
[HttpPut("exists")]
public async Task<IActionResult> FileExists([… Continue reading Checking if an arbitrary file exists on the server can be considered Path Traversal?→