MCP-01: No MCP Authentication on SSE/HTTP Transport
Severity: HIGH
Affected File(s): simple_server.py:356-363, cli.py:140
Description
The FastMCP server instance has no authentication middleware, bearer token, or session validation when running via SSE/HTTP transport. The official documentation suggests binding to 0.0.0.0, exposing the unauthenticated trading API to the entire network. Even on localhost, any local process can invoke trading tools including create_order, cancel_all_orders, and transfer_funds.
Vulnerable Code
    def run(self, transport: str = "stdio") -> None:
        if transport in ("sse", "http", "streamable-http"):
            self.mcp.run(transport=transport, host=self.host, port=self.port)
Impact
Full unauthorized trading access, fund transfers, and position manipulation by any process that can reach the server socket.
Proof of Concept
1. Start server: aster-mcp start --port 9002 --host 0.0.0.0
2. From any machine on the network, connect to the MCP endpoint and invoke create_order or transfer_funds without any credentials.
Recommended Fix
- Add bearer token authentication to SSE/HTTP transport
- Remove --host 0.0.0.0 from documentation examples
- Add startup warning if binding to non-loopback addresses
- Require explicit --allow-network flag for non-loopback binds
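A sketch of the first, third and fourth recommendations above, added here as an example and not taken from the project's code. The helper names (is_loopback, check_bind, bearer_ok, BearerAuthASGI) are hypothetical, the token is assumed to come from an operator-supplied secret, and how the wrapper is attached to the FastMCP HTTP app is left out because it depends on the FastMCP version in use.

```python
import hmac
import ipaddress
from typing import Optional

def is_loopback(host: str) -> bool:
    """True only for addresses that never leave the local machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown hostnames are treated as network-reachable

def check_bind(host: str, allow_network: bool) -> Optional[str]:
    """Refuse non-loopback binds unless --allow-network was given; else return a warning."""
    if is_loopback(host):
        return None
    if not allow_network:
        raise PermissionError(f"refusing to bind {host}: pass --allow-network to expose the server")
    return f"WARNING: binding to {host}; trading tools are reachable from the network"

def bearer_ok(authorization: Optional[str], expected: str) -> bool:
    """Constant-time check of an 'Authorization: Bearer <token>' header value."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or not token or not expected:
        return False
    return hmac.compare_digest(token.strip().encode(), expected.encode())

class BearerAuthASGI:
    """Generic ASGI wrapper: answers 401 to any HTTP request without the right token."""
    def __init__(self, app, token: str):
        self.app, self.token = app, token

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":  # SSE and streamable HTTP both arrive as http scopes
            headers = dict(scope.get("headers") or [])
            auth = headers.get(b"authorization", b"").decode("latin-1")
            if not bearer_ok(auth, self.token):
                await send({"type": "http.response.start", "status": 401,
                            "headers": [(b"www-authenticate", b"Bearer")]})
                await send({"type": "http.response.body", "body": b""})
                return
        await self.app(scope, receive, send)  # lifespan and authorized requests pass through
```

Loopback binding alone does not address the local-process case described above, so the token check applies on 127.0.0.1 as well.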
Methodology: Triple-verification static analysis -- each finding verified across three independent code review passes.