20 Jul
2023
20 Jul
'23
7:28 p.m.
let's try guessing with division ----------- how to figure out whether akash providers are vulnerable to very simple falsified certificates, providing for logging in as this might be the client code for logging in with a shell: https://github.com/akash-network/provider/blob/44c85af39a56a43830efbdcbe7a2f... the question is, do the servers let anyone log in with a shell by failing to authenticate certificates? _ideally_ we would figure out how to check this by inspection first, and then could verify it using test code after the inspection. so far, i haven't found by inspection where the certificate is validated.