mcp_server
by samreensami
Overview
A simple bank system API that allows users to create accounts, authenticate, deposit/transfer funds, and view transaction history, along with unprotected administrative endpoints to view all accounts and transactions.
Installation
uvicorn main:app --host 0.0.0.0 --port 8000 --reload
Security Notes
Critical authorization bypass: All core financial operations (deposit, transfer, view balance, view transactions) and administrative endpoints (view all accounts, view all transactions) are exposed without any authentication or authorization. An attacker merely needs to know an `account_id` (which is returned upon initial login) to perform unauthorized transactions or view all sensitive data. No proper session management, JWT, or OAuth is implemented. The authentication endpoint also distinguishes between 'account not found' and 'invalid PIN', which aids in account enumeration. No rate limiting is present.