The RC Flutter SDK offers the .logIn
method, which allows the current user to log in using only the appUserID
.
Since the appUserID
is exposed on the client side, a malicious user could potentially obtain someone else's appUserID
(e.g., through reverse engineering the app or intercepting network requests) and use it to impersonate that user. This could allow unauthorized access to premium content or features, etc..
Question
Potential risk of the .logIn method of the RC SDK for flutter
+2
This post has been closed for comments
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.