Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Impact immudb client SDKs use server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value reported by the server. A malicious server ca...