mcp_server
by samreensami
Overview
A simple bank system API that allows users to create accounts, authenticate, deposit/transfer funds, and view transaction history, along with unprotected administrative endpoints to view all accounts and transactions.
Installation
uvicorn main:app --host 0.0.0.0 --port 8000 --reload
Security Notes
Critical authorization bypass: All core financial operations (deposit, transfer, view balance, view transactions) and administrative endpoints (view all accounts, view all transactions) are exposed without any authentication or authorization. An attacker merely needs to know an `account_id` (which is returned upon initial login) to perform unauthorized transactions or view all sensitive data. No proper session management, JWT, or OAuth is implemented. The authentication endpoint also distinguishes between 'account not found' and 'invalid PIN', which aids in account enumeration. No rate limiting is present.
Similar Servers
rmcp
Serves as an AI assistant backend to perform comprehensive statistical analysis, econometric modeling, machine learning, time series analysis, and data science tasks using R through natural language conversations.
ls-mcp
A command-line tool for discovering, analyzing, and reporting on Model Context Protocol (MCP) server configurations in a local development environment, including their status, versioning, and potential credential exposures.
company-docs-mcp
Transforms organizational documentation into an AI-powered knowledge base for semantic search, Q&A via chat interface, Claude Desktop, and Slack integration.
karma
Provides a plug-and-play Knowledge Graph service via the Model Context Protocol (MCP), allowing AI agents to store, retrieve, and manage structured and unstructured knowledge (entities, relations, observations).