• Septimaeus@infosec.pub · 1 month ago

    Agreed, and I am surprised by the complete lack of throttling or resource quotas that would allow this.

    Typically niche-use-case and high-performance APIs that aren’t hidden behind experimental flags require user permission by default, a practice solidified by mitigations of other exploits like mining, fingerprinting, etc. To find one open and apparently so unregulated by default is unusual, if true.

    Either way, I suspect any user vulnerable to this exploit is likely already exposed to much worse via similarly unsophisticated attacks.