[SOLVED] Vulnerabilities found from VAPT scan on PlayCanvas game

Hi, I have a web game developed on PlayCanvas for a client, and everything is working well. But our client requires us to submit our code for a VAPT (Vulnerability Assessment and Penetration Testing) scan. We submitted our code and the scan found 123 vulnerabilities under the “Improper Authentication” weakness and 123 under the “Use of Hard-coded Credentials” weakness. All of these seem to be coming from the PlayCanvas library itself.

We don’t think these are real vulnerabilities, more like false positives, but our client’s security team requires us to get an explanation from the author of the libraries/game engine (PlayCanvas) to prove that the vulnerabilities are indeed false positives.

I can send more details about this privately. Can someone help me with this?
@will @dave

@BKdevteam_Digimagic Is there a way we can get a report of the vulnerabilities or run the test ourselves?

Please send details to support@playcanvas.com

Yes, I can send you the report and the game link.

I’ve replied to your email.