Hi, I have a web game developed on PlayCanvas for a client, and everything is working well. But our client requires us to submit our code for a VAPT (Vulnerability Assessment and Penetration Testing) scan. We submitted our code and the scan found 123 vulnerabilities under the “Improper Authentication” weakness and 123 under the “Use of Hard-coded Credentials” weakness. All of these seem to be coming from the PlayCanvas library itself.
We don’t think they are real vulnerabilities, more like false positives, but our client’s security team requires us to get an explanation from the author of the libraries/game engine (PlayCanvas) to prove that the vulnerabilities are indeed false positives.