

How “../sms” Could Bypass Authy 2-Factor Authentication - dsacco
http://sakurity.com/blog/2015/03/15/authy_bypass.html/

======
saurik
That rack-protection library Sinatra apparently uses is clearly wrong: how
does that "protect" against directory traversal, rather than "cause" directory
traversal? It essentially makes escaping not work correctly. In what scenario
is this possibly a security measure?
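
Added example, not part of the comment above and not rack-protection's source: a simplified Ruby model of a filter that percent-decodes `%2f` and collapses `..` before routing, next to a stricter per-segment check. The route `/check/<value>/<id>`, the sample request and both function names are hypothetical.

```ruby
# Simplified model (an assumption, not the library's code): decode escaped
# dots and separators, then resolve "." and ".." segments.
def decode_and_collapse(path)
  unescaped = path.gsub(/%2e/i, ".").gsub(/%2f/i, "/").gsub(/%5c/i, "/")
  parts = []
  unescaped.split("/").each do |part|
    next if part.empty? || part == "."
    part == ".." ? parts.pop : parts << part
  end
  "/" + parts.join("/")
end

# Stricter handling: split on the literal "/" first, decode each segment
# afterwards, and reject any segment that decodes to a dot segment or
# contains a path separator. Escaped data can then never change the route.
def strict_segments(path)
  path.split("/").reject(&:empty?).map do |raw|
    seg = raw.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
    if seg == "." || seg == ".." || seg.match?(%r{[/\\]})
      raise ArgumentError, "unsafe segment: #{raw.inspect}"
    end
    seg
  end
end

# Constructed input: the client correctly escaped the user-supplied value
# "../sms" before placing it in the hypothetical route /check/<value>/<id>.
ESCAPED_VALUE = "..%2fsms"
REQUEST_PATH  = "/check/#{ESCAPED_VALUE}/1234"

if __FILE__ == $0
  # The "protection" step undoes the escaping and rewrites the route.
  puts decode_and_collapse(REQUEST_PATH)
  begin
    strict_segments(REQUEST_PATH)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```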

