In truthsocial.com/open-source , they exposed their private key in the zip file. It's under social-v1-public/config/secrets.yml . That file shouldn't be shared and truthsocial needs to regenerate a new set of keys
I gave up trying to keep this private because nothing's been done. Better to expose this publically and earlier before launch so that they notice and fix the problem.
Does anyone know what the best way to reach out to the people behind truth social? Found a pretty big security issue that they need to fix soon.
Also, if anyone has any connections, tell them I e-mailed [email protected] with the subject "Security issue in truthsocial.com" about the problem.
Is there a way to DM on dot win? Dont want to doxx myself.
In truthsocial.com/open-source , they exposed their private key in the zip file. It's under social-v1-public/config/secrets.yml . That file shouldn't be shared and truthsocial needs to regenerate a new set of keys
I gave up trying to keep this private because nothing's been done. Better to expose this publically and earlier before launch so that they notice and fix the problem.