Web server identification was enabled
Incident Report for The Things Network
Resolved
Umesh Jore and Ajay Shrimali kindly reported a security issue through responsible disclosure that we fixed immediately.

The issue reported is that the Account Server returned the operating system and web server version as part of the HTTP response headers. This information can be used by attackers to exploit known vulnerabilities with these components.

We would like to thank Umesh Jore and Ajay Shrimali for their report and making The Things Network a more secure place.
Posted 4 months ago. Jun 26, 2019 - 15:22 CEST