Impact
Because the unencrypted ws protocol was used, sensitive data could have been viewed or misused by outsiders. This would have had fatal consequences for our shop system and the privacy of users. With the upcoming release of our 2021.7.3 version, this problem will be officially resolved.
Explanation
The wss protocol establishes a WebSocket over an encrypted TLS connection, while the ws protocol uses an unencrypted connection. Once the WebSocket handshake has completed, the network connection remains open and can be used to send WebSocket messages in either direction.
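One way a client can enforce the encrypted scheme, shown as an added example that is not the shop system's own code: a helper that normalizes every WebSocket endpoint to wss before the socket is opened. The function name, the loopback option and the sample hosts are assumptions made for illustration.

```javascript
// Added example. toSecureWebSocketUrl, LOOPBACK_HOSTS and all sample URLs are
// hypothetical names and constructed values, not taken from the advisory.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

/**
 * Resolve `endpoint` against the page URL and return the URL to hand to
 * `new WebSocket(...)`.
 *  - ws:// and http:// endpoints are upgraded to wss://
 *  - wss:// and https:// endpoints become wss://
 *  - plaintext ws:// is kept only for loopback hosts, and only on request
 *  - any other scheme is rejected
 */
function toSecureWebSocketUrl(endpoint, pageUrl, { allowLoopbackPlaintext = false } = {}) {
  const url = new URL(endpoint, pageUrl); // also resolves relative paths
  const plaintext = url.protocol === "ws:" || url.protocol === "http:";
  const encrypted = url.protocol === "wss:" || url.protocol === "https:";

  if (!plaintext && !encrypted) {
    throw new TypeError(`unsupported scheme for WebSocket: ${url.protocol}`);
  }

  // Local development is the only case where plaintext may be tolerated.
  const keepPlaintext =
    plaintext && allowLoopbackPlaintext && LOOPBACK_HOSTS.has(url.hostname);

  url.protocol = keepPlaintext ? "ws:" : "wss:";
  return url.href;
}

// Typical call site in a browser:
//   const socket = new WebSocket(toSecureWebSocketUrl("/socket", location.href));
```

Upgrading the scheme on the client only helps if the server actually accepts TLS on that endpoint; the server should also stop answering plain ws requests.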
For more information
If you have any questions or comments about this advisory: