| Title | demozx gf_cms None Hard-coded Credentials |
|---|
| Description |

```go
func init() {
	service.RegisterAuth(New())
	auth := jwt.New(&jwt.GfJWTMiddleware{
		Realm:           "test zone",
		Key:             []byte("secret key"), // hard-coded signing key reported in this entry
		Timeout:         time.Minute * 5,
		MaxRefresh:      time.Minute * 5,
		IdentityKey:     "id",
		TokenLookup:     "header: Authorization, query: token, cookie: jwt",
		TokenHeadName:   "Bearer",
		TimeFunc:        time.Now,
		Authenticator:   Auth().Authenticator,
		Unauthorized:    Auth().Unauthorized,
		PayloadFunc:     Auth().PayloadFunc,
		IdentityHandler: Auth().IdentityHandler,
	})
	authService = auth
}
```

In file `internal/logic/auth/auth.go`, line 37, there is a hard-coded key (`Key`) value, namely "secret key". Hard-coded credentials (such as keys, passwords, API keys, etc.) are one of the common mistakes in secure development. If an attacker has access to these hard-coded credentials, they may be able to exploit this data to access a system or service. Hard-coded credentials often lead to security risks because they make it easier for attackers to obtain sensitive information and potentially use it to perform malicious activities. |
|---|
| Source | ⚠️ https://github.com/demozx/gf_cms/issues/5 |
|---|
| User | zihe (UID 56943) |
|---|
| Submission | 19/08/2024 02:40 PM (2 years ago) |
|---|
| Moderation | 20/08/2024 10:16 AM (20 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 275199 [demozx gf_cms 1.0/1.0.1 JWT Authentication auth.go init weak authentication] |
|---|
| Points | 20 |
|---|
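
One way to remove the hard-coded `Key` described above, as an added example that is not code from gf_cms or from the submitter: the signing key is read from the environment at startup and the process refuses to run with a missing, placeholder, or short key. The variable name `GF_CMS_JWT_KEY`, the helper `loadJWTKey`, and the use of HS256 are assumptions.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"os"
)

// jwtKeyEnv is an assumed variable name; gf_cms does not define it.
const jwtKeyEnv = "GF_CMS_JWT_KEY"

// minKeyLen: RFC 7518 requires at least 32 bytes for HS256 (assumed algorithm).
const minKeyLen = 32

// knownPlaceholders must never be accepted; the first is the literal from auth.go.
var knownPlaceholders = []string{"secret key", "secret", "changeme"}

// loadJWTKey (hypothetical helper) decodes a base64 key from the environment
// and fails closed on a missing, placeholder, malformed, or short value.
func loadJWTKey(getenv func(string) string) ([]byte, error) {
	raw := getenv(jwtKeyEnv)
	if raw == "" {
		return nil, errors.New(jwtKeyEnv + " is not set")
	}
	for _, p := range knownPlaceholders {
		if raw == p {
			return nil, errors.New(jwtKeyEnv + " holds a known placeholder value")
		}
	}
	key, err := base64.StdEncoding.DecodeString(raw)
	if err != nil {
		return nil, fmt.Errorf("%s is not valid base64: %w", jwtKeyEnv, err)
	}
	if len(key) < minKeyLen {
		return nil, fmt.Errorf("%s decodes to %d bytes, need at least %d", jwtKeyEnv, len(key), minKeyLen)
	}
	return key, nil
}

func main() {
	key, err := loadJWTKey(os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	// In init(), the returned slice would replace the literal: Key: key
	fmt.Printf("loaded %d-byte signing key\n", len(key))
}
```

A key that has already been published in source control should be treated as compromised and replaced, not just moved into configuration.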