Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data.This results in anyone with a valid login (easily obtained by creating an account) being able to manipulate every tapplock available! The usual suspect… Yesterday I read the great article by the one and only cybbergibbons about tapplock and totally pwning it and as […]
Totally Pwning the Tapplock Smart Lock (the API way) Read More »