MCP-04: No Input Validation on account_id - Account Existence Leakage
Severity: MEDIUM
Affected File(s): config.py:122-124, tools.py:33-55
Description
The account_id parameter is used as a dictionary key with no format validation. The error message reflects back the input and confirms whether an account exists, enabling enumeration. No character restriction exists, allowing injection of arbitrary strings as config keys.
Vulnerable Code
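def get_account(self, account_id: str):
    # account_id is used as a dictionary key with no format check
    if account_id not in self._config["accounts"]:
        # The raw input is reflected in the error and confirms non-existence
        raise ValueError(f"Account {account_id} does not exist")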
Impact
Account existence enumeration through error messages. Log injection through arbitrary strings in account_id.
Proof of Concept
An MCP-connected agent can enumerate valid account IDs by checking error responses for each guess.
Recommended Fix
Add format validation: re.match(r'^[a-zA-Z0-9_-]{1,64}$', account_id). Apply at add_account, add_account_v3, get_account, and _get_client entry points.
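One way to apply the recommended check at the entry points, shown as an added example that is not the project's own code. The ConfigStore class, the InvalidAccountId exception, the error strings and the sample IDs are assumptions made for illustration; only the character class, the length bound and the method names come from the finding above.

```python
import re

# Same character class and length bound as the recommended fix. fullmatch()
# is used because "$" with re.match() also accepts one trailing "\n".
ACCOUNT_ID_RE = re.compile(r"[a-zA-Z0-9_-]{1,64}")


class InvalidAccountId(ValueError):
    """Raised when account_id fails the format check (hypothetical name)."""


def validate_account_id(account_id):
    if not isinstance(account_id, str) or not ACCOUNT_ID_RE.fullmatch(account_id):
        # Fixed message: the rejected value is never echoed into errors or logs.
        raise InvalidAccountId("Invalid account_id format")
    return account_id


class ConfigStore:  # hypothetical stand-in for the class in config.py
    def __init__(self, config):
        self._config = config

    def add_account(self, account_id, settings):
        self._config["accounts"][validate_account_id(account_id)] = settings

    def get_account(self, account_id):
        validate_account_id(account_id)  # reject before the dictionary lookup
        try:
            return self._config["accounts"][account_id]
        except KeyError:
            # The caller's input is not reflected back in the message.
            raise ValueError("Account not available") from None


def demo():
    """Run constructed sample IDs through get_account and record the outcome."""
    store = ConfigStore({"accounts": {}})
    store.add_account("prod_01", {"label": "constructed sample"})
    samples = ["prod_01", "prod_01\n", "x\nINFO forged line", "a" * 65, "", "missing"]
    results = {}
    for candidate in samples:
        try:
            store.get_account(candidate)
            results[candidate] = "ok"
        except InvalidAccountId:
            results[candidate] = "rejected"
        except ValueError as exc:
            results[candidate] = str(exc)
    return results
```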
Methodology: Triple-verification static analysis -- each finding verified across three independent code review passes.