Submit #603746: https://github.com/Done-0 https://github.com/Done-0/Jank 9b7b0cb Authorization Bypass

Title: https://github.com/Done-0 https://github.com/Done-0/Jank 9b7b0cb Authorization Bypass
Description: The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms. You can easily forge a valid Token and create any posts or comments with it. Details can be found in https://github.com/Done-0/Jank/issues/9.
Source: https://github.com/Done-0/Jank/issues/9
User: Tritium (UID 50779)
Submission: 25.06.2025 13:07 (10 months ago)
Moderation: 05.07.2025 14:48 (10 days later)
Status: Accepted
VulDB entry: 314994 [Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret weak authentication]
Points: 18