Submission #710380: https://github.com/actiontech https://github.com/actiontech/sqle ≤4.2511.0 Authentication Bypass by Primary Weakness

Title: https://github.com/actiontech https://github.com/actiontech/sqle ≤4.2511.0 Authentication Bypass by Primary Weakness
Description: The SQLE file contains a hard-coded JWT authentication key and valid JWT credentials. An attacker could exploit this vulnerability to bypass the system's authentication credential mechanism and gain full system privileges. Regarding the default JWT key, once the system is deployed, the JWT encryption key will be []byte("secret"). Furthermore, the codebase also hard-coded a super administrator's credential that would not expire until 2073, posing a significant security risk to the system.
Source: ⚠️ https://github.com/actiontech/sqle/issues/3186
User: 28Hus (UID 92415)
Submission: 09/12/2025 03:59 PM (6 months ago)
Moderation: 27/12/2025 12:07 AM (17 days later)
Status: Accepted
VulDB entry: 338478 [actiontech sqle up to 4.2511.0 JWT Secret sqle/utils/jwt.go JWTSecretKey weak encryption]
Points: 20
