Summary
class/panelLets.py hardcodes TLS verification as disabled during ACME certificate issuance. Panel API credentials are transmitted over unverified TLS. BaoTa is China's #1 server management panel, with 4.5k stars.
Impact
The ACME certificate issuance process is vulnerable to MITM. Panel authentication tokens are exposed.
Remediation
Enable TLS verification by default. Full report available.
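One way to audit Python sources for hardcoded disabling of TLS verification, as an added example that is not code from the report or from the BaoTa project. The `SAMPLE` source is constructed for illustration and is not the contents of class/panelLets.py; the function name `find_disabled_tls` is hypothetical.

```python
import ast

# Constructed sample for illustration; NOT the contents of class/panelLets.py.
SAMPLE = '''
import requests, ssl
def fetch_directory(url):
    return requests.get(url, verify=False, timeout=10)
def post_signed(url, body, check=True):
    return requests.post(url, data=body, verify=check)
ctx = ssl._create_unverified_context()
ctx2 = ssl.create_default_context()
ctx2.check_hostname = False
ctx2.verify_mode = ssl.CERT_NONE
'''

def _is_false(node):
    return isinstance(node, ast.Constant) and node.value is False

def find_disabled_tls(source, filename="<src>"):
    """Return sorted (line, reason) pairs where TLS verification is hardcoded off."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            # requests-style call carrying a literal verify=False
            for kw in node.keywords:
                if kw.arg == "verify" and _is_false(kw.value):
                    findings.append((node.lineno, "verify=False"))
            f = node.func
            if isinstance(f, ast.Attribute) and f.attr == "_create_unverified_context":
                findings.append((node.lineno, "ssl._create_unverified_context()"))
        elif isinstance(node, ast.Assign):
            for t in node.targets:
                if not isinstance(t, ast.Attribute):
                    continue
                # SSLContext attributes that switch off hostname or chain checks
                if t.attr == "check_hostname" and _is_false(node.value):
                    findings.append((node.lineno, "check_hostname=False"))
                v = node.value
                if t.attr == "verify_mode" and isinstance(v, ast.Attribute) and v.attr == "CERT_NONE":
                    findings.append((node.lineno, "verify_mode=CERT_NONE"))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_disabled_tls(SAMPLE):
        print(f"line {line}: {reason}")
```

Only literal `False` values are flagged, so a call such as `verify=check` passes; a variable that is always `False` at runtime needs manual review.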