If you discover a security vulnerability in this system, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, contact the development team directly via private channels.

This system includes multiple security layers:

• Authentication: bcrypt password hashing, account lockout, optional USB hardware-bound auth
• Session Management: secure token generation, session fixation prevention
• API Security: Redis-backed rate limiting, input validation, prepared SQL statements
• Transport: HTTPS enforcement with HSTS headers
• Admin Panel: RBAC with granular permissions, IP whitelist support, CSRF protection
• Audit Trail: complete logging of all activation attempts and admin actions