omi icon indicating copy to clipboard operation
omi copied to clipboard
verified publisher icon BasedHardware

Responsible Disclosure – Critical Security Vulnerability: Unauthenticated UID Access

Open ghost opened this issue 8 months ago • 1 comments

Summary

This is a responsible disclosure of a critical backend vulnerability in Omi's API.

Description

Several sensitive endpoints are accessible without authentication by supplying a valid UID. A hardcoded UID (viUv7GtdoHXbK1UBCDlPuTDuPgJ3) exists in a public script, demonstrating how easily this could be exploited.

Affected Endpoints

  • GET /v1/mcp/conversations
  • GET /v1/mcp/memories
  • POST /v1/mcp/memories
  • DELETE /v1/mcp/memories/{memory_id}
  • PATCH /v1/mcp/memories/{memory_id}
  • POST /v1/mcp/users

Code References

Notes

Only a minimal, non-intrusive test was performed to validate the issue. No user data was stored or shared.

Recommendation

  • All endpoints should enforce proper token-based authentication.
  • Hardcoded UIDs should be removed from public code.

Suggested labels: bug, backend

ghost avatar May 26 '25 18:05 ghost

@krushnarout can u check if this is still an issue

aaravgarg avatar Nov 26 '25 03:11 aaravgarg