Signature Security Issue of RazorPay WebHook #244
Description
The developer is able to access the signature of WebHook Request
Let me give a brief on why I think this is a security issue
Consider a software solution integrated with RazorPay
- Customer of the software solution logs in to RazorPay sets up a webHook
- During the processing of the webHook, developer can access the signature after encoding
- This makes it so that the developer can manually send the WebHook Request which shouldn't be possible