Hacker News

danielrmay, today at 3:23 PM (4 replies)

"It pretended to be the official client" is not a security argument if the mechanism was client-supplied metadata.

That’s not impersonation. That’s Bambu discovering that user agents are not authentication.


Replies

CarVac, today at 3:26 PM

And by using AGPL they grant you the license to use the code however you wish, they cannot say it's "unauthorized access".

liampulles, today at 6:08 PM

And they report service disruptions as a result of this - so perhaps they are also learning what gateways are.

Blaming the CLIENT for this is absolutely crazy.

stavros, today at 3:25 PM

"You can't use any client you want because of security" is bullshit, as if hackers will care what client you'd like them to use or not when they're trying to hack your infrastructure.

This is just Bambu alienating their customer base, again.

philipwhiuk, today at 4:35 PM

Or it's a really blatant security issue that should be reported https://github.com/bambulab/BambuStudio/issues/10681