Comment by maples37
2 months ago
The extension IDs are UUIDs/GUIDs, so 128 bits of entropy. No site is going to be able to successfully scan that full range.
2 months ago
The extension IDs are UUIDs/GUIDs, so 128 bits of entropy. No site is going to be able to successfully scan that full range.
UUIDs are 128 bit long but generally have a bit less entropy than that as they are not just a random number. Still more than enough to make enumeration infeasible though.
And just in case the magnitude of that isn't obvious to people, that means there are 340,282,366,920,938,463,463,374,607,431,768,211,456 total possible UUIDs. Good luck.
ChatGPT told me it can be done though.
It won't disclose how, as it says it has had several users report it. And that it expects 50% of the bounty, and will use it for GPU upgrades.