In my article "Technical analysis of Optus API security challenge - Three must to have API security controls" I mentioned that we cannot just blindly assume a UUID is safe to use, and promised I would create a challenge to highlight this issue.
RFC 4122 (Section 6, Security Considerations) states that UUIDs should not be assumed hard to guess and should not be used as security capabilities, that is, identifiers whose mere possession grants access. UUIDs come in several versions, and in some of them the value is easy for an adversary to predict: a version 1 UUID is assembled from a timestamp, a clock sequence and the generating host's MAC address, so anyone holding one value minted by a host can enumerate the values minted just before and after it. If such a UUID is the only control protecting a private resource, the adversary can gain unauthorised access.
UUID.py is a new challenge that models this UUID vulnerability. Your objective is to find and fix the vulnerability.
Bonus point: given a UUID, how can you tell which version it is?
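As an added example (not part of the challenge or of the original post), the Python below answers the bonus question by reading the version nibble, and then illustrates the RFC 4122 warning above: it decodes a version 1 UUID into its timestamp, clock sequence and node, and rebuilds the neighbouring identifiers an attacker who has seen one value could try. The node and clock-sequence values are made up for the demonstration and are not a real MAC address.

```python
"""Telling UUID versions apart, and why a version 1 UUID is guessable.

Added example for this post, not the challenge's own code. Sample node and
clock-sequence values below are constructed for the demonstration.
"""
from __future__ import annotations

import uuid
from typing import Optional

# Offset between the UUID epoch (1582-10-15) and the Unix epoch, in 100 ns ticks.
GREGORIAN_TO_UNIX_TICKS = 0x01B21DD213814000


def uuid_version(value: str) -> Optional[int]:
    """Return the RFC 4122 version of a UUID, or None if the variant is not RFC 4122.

    The version is the high nibble of the 7th byte, i.e. the first hex digit of the
    third dash-separated group; the variant sits in the top bits of the 9th byte.
    """
    u = uuid.UUID(value)                   # raises ValueError on malformed input
    if u.variant != uuid.RFC_4122:
        return None                        # NCS, Microsoft or reserved layouts carry no version field
    manual = int(u.hex[12], 16)            # the same nibble, read straight from the hex form
    if manual != u.version:
        raise RuntimeError("stdlib and manual version extraction disagree")
    return manual


def decode_v1(value: str) -> dict:
    """Pull the timestamp, clock sequence and node out of a version 1 UUID."""
    u = uuid.UUID(value)
    if u.version != 1:
        raise ValueError("not a version 1 UUID")
    return {
        "time_ticks": u.time,              # 100 ns intervals since 1582-10-15
        "unix_time": (u.time - GREGORIAN_TO_UNIX_TICKS) / 10_000_000,
        "clock_seq": u.clock_seq,          # 14-bit counter, normally constant while the host is up
        "node": u.node,                    # 48-bit node id, normally the host's MAC address
    }


def uuid1_from_parts(time_ticks: int, clock_seq: int, node: int) -> uuid.UUID:
    """Assemble a version 1 UUID from its components (the inverse of decode_v1)."""
    time_low = time_ticks & 0xFFFF_FFFF
    time_mid = (time_ticks >> 32) & 0xFFFF
    time_hi_version = ((time_ticks >> 48) & 0x0FFF) | (1 << 12)   # version nibble = 1
    clock_seq_hi_variant = ((clock_seq >> 8) & 0x3F) | 0x80        # RFC 4122 variant bits 10x
    clock_seq_low = clock_seq & 0xFF
    return uuid.UUID(fields=(time_low, time_mid, time_hi_version,
                             clock_seq_hi_variant, clock_seq_low, node))


def neighbours(known: str, window_ticks: int) -> list[uuid.UUID]:
    """Candidate version 1 UUIDs minted on the same host within +/- window_ticks of `known`.

    This is the attacker's view: one leaked v1 identifier fixes the node and the
    clock sequence, leaving only the timestamp to enumerate.
    """
    parts = decode_v1(known)
    base = parts["time_ticks"]
    return [uuid1_from_parts(t, parts["clock_seq"], parts["node"])
            for t in range(base - window_ticks, base + window_ticks + 1)
            if t != base]


if __name__ == "__main__":
    node = 0x00_11_22_33_44_55             # constructed sample, not a real MAC address
    clock_seq = 0x1234                     # constructed sample
    first = uuid.uuid1(node=node, clock_seq=clock_seq)
    second = uuid.uuid1(node=node, clock_seq=clock_seq)
    print("v1 #1:", first, "version", uuid_version(str(first)))
    print("v1 #2:", second, "version", uuid_version(str(second)))
    print("decoded #1:", decode_v1(str(first)))
    # The two v1 values share node and clock_seq and differ only in the timestamp,
    # so #2 is among the guesses derived from #1 alone.
    print("#2 guessable from #1:", second in neighbours(str(first), 1_000))
    random_id = uuid.uuid4()
    print("v4:", random_id, "version", uuid_version(str(random_id)))
```

The version check is the answer to the bonus question; the rest is why it matters. Seeing a `1` in that position tells you the identifier leaks the issuing host and the issue time, and `neighbours` shows how little is left to guess, whereas a version 4 UUID built from a CSPRNG has no structure to decode.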