Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- The document endorses an `insecure: true` mode that disables TLS certificate validation via curl `-k`, but it does not prominently warn that this enables man-in-the-middle interception and spoofing of the Pi-hole endpoint. In this context, that can expose API credentials/session tokens and allow an attacker on the network path to tamper with DNS-blocking commands or returned query data.
