I’m surprised this isn’t a bigger part of the story.
Bambu’s authentication is just the client saying “I am Bambu Studio”. The server completely trusts that with no additional authentication.
It’s like setting up a website with a user login, and if someone puts in “admin” in the username field without a password, the system says “sounds good” and lets you in. And then the website owners getting mad that someone hacked their system.
Blatant incompetence. I can’t believe they’re using their stupidity as an argument.
Important to note that the license they release their software under explicitly allows users to do exactly that.