Wednesday 26th June 2019

Account Server Web server identification was enabled

Umesh Jore and Ajay Shrimali kindly reported a security issue through responsible disclosure that we fixed immediately.

The issue reported is that the Account Server returned the operating system and web server version as part of the HTTP response headers. This information can be used by attackers to exploit known vulnerabilities with these components.

We would like to thank Umesh Jore and Ajay Shrimali for their report and making The Things Network a more secure place.