Submission #752756: rachelos WeRSS WeRSS<=1.4.8 Weak Authentication

Title: rachelos WeRSS WeRSS<=1.4.8 Weak Authentication
Description: WeRSS (https://github.com/rachelos/we-mp-rss/) uses hardcoded weak default JWT secret keys, and the default key in the configuration file is also predictable (project name). Attackers can use these default keys to forge valid administrator tokens, completely bypassing authentication. Detail: https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
Source: https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
User: din4 (UID 50867)
Submission: 05/02/2026 08:57 AM (3 months ago)
Moderation: 08/02/2026 09:30 AM (3 days later)
Status: Accepted
VulDB entry: 344932 [rachelos WeRSS we-mp-rss up to 1.4.8 JWT core/auth.py SECRET_KEY information disclosure]
Points: 16