| Field | Value |
|---|---|
| Title | FIT2CLOUD SQLBot 1.3.0 Improper Verification of Cryptographic Signature |
| Description | SQLBot version 1.3.0 and earlier contains a JWT signature verification bypass vulnerability in the embedded authentication mechanism. The `validateEmbedded` function explicitly disables both signature verification (`verify_signature: False`) and expiration verification (`verify_exp: False`) when decoding JWT tokens, allowing an attacker to forge arbitrary JWT tokens and impersonate any user if they know a valid assistant/embedded ID. |
| Source | https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verification-Bypass.md |
| User | yaowenxiao (UID 82929) |
| Submission | 05.12.2025 16:29 (4 months ago) |
| Moderation | 01.03.2026 07:31 (3 months later) |
| Status | Accepted |
| VulDB entry | 348292 [Dataease SQLBot up to 1.5.1 JWT Token auth.py validateEmbedded weak authentication] |
| Points | 20 |