@securelybuilt.bsky.social on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Securely Built

securelybuilt.bsky.social

did:plc:pzhhn7k7vwe77uzvxwp4jts7

The bug is a CRLF injection in the login and session loading processes. Before authentication, cpsrvd writes a session file to disk. An attacker can manipulate the whostmgrsession cookie by omitting an expected segment.

2026-04-30T11:13:07.646Z