by hanoz 1618 days ago
I've just managed to get my IP address a 24 hour ban by tweaking the timestamp parameter once! Which is a pretty obvious DoS vulnerability if anyone wanted to disable a venue's pass verification ability.
1 comments

How does that become a DoS? Spoofing IPs to get banned? Wouldn't you have to know the IPs that you wanted to get banned?
You need to be on the venue's IP/WiFi. If the staff uses the same WiFi they will be banned as well.
You turn up at a venue which is scanning these QR codes as part of some vaccinated-only entrance policy, let them scan your amended code, you don't get in, nor does anyone else after you.
But this isn't vaccination codes, it's a test. Do proof of vaccination codes use the same system in Serbia?