Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

bitwarden/passwordless-server
main @ 8d10114
25
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Auth Bypass: 9 prior fixes. Scrutinize any change in this area.
src/Api/Endpoints/Magic.cs: most-fixed (2 issues). Treat as high-risk during review.
9 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Auth Bypass: Attackers could bypass registration constraints and potentially overwrite or hijack existing configurations due to insufficient tenant validation and existence verification prior to creation.
Auth Bypass: A lack of strict scope checks on both public and secret API keys could allow keys to perform unauthorized operations, requiring scope enforcement on route handlers.
Auth Bypass: A logic flaw allowed sign-in validation tokens to be successfully encoded and issued for users who did not exist in the database.