Submit #711519: https://github.com/PandaXGO https://github.com/PandaXGO/PandaX before commit fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 (As of December 10, 2025) Authentication Bypass by Primary Weaknessinfo

Titelhttps://github.com/PandaXGO https://github.com/PandaXGO/PandaX before commit fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 (As of December 10, 2025) Authentication Bypass by Primary Weakness
BeschreibungPandaX uses a hard-coded JWT authentication key, and the authentication field logic in the authentication mechanism is insecure, allowing attackers to easily forge super administrator credentials and take over the entire system.
Quelle⚠️ https://github.com/PandaXGO/PandaX/issues/9
Benutzer
 28Hus (UID 92415)
Einreichung10.12.2025 04:22 (vor 6 Monaten)
Moderieren27.12.2025 00:10 (17 days later)
StatusAkzeptiert
VulDB Eintrag338479 [PandaXGO PandaX bis fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 JWT Secret config.yml key schwache Verschlüsselung]
Punkte16

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!