Submit #752756: rachelos WeRSS WeRSS<=1.4.8 Weak Authenticationinfo

Titelrachelos WeRSS WeRSS<=1.4.8 Weak Authentication
BeschreibungWeRSS(https://github.com/rachelos/we-mp-rss/) uses hardcoded weak default JWT secret keys, and the default key in the configuration file is also predictable (project name). Attackers can use these default keys to forge valid administrator tokens, completely bypassing authentication detail:https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
Quelle⚠️ https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
Benutzer
 din4 (UID 50867)
Einreichung05.02.2026 08:57 (vor 3 Monaten)
Moderieren08.02.2026 09:30 (3 days later)
StatusAkzeptiert
VulDB Eintrag344932 [rachelos WeRSS we-mp-rss bis 1.4.8 JWT core/auth.py SECRET_KEY Information Disclosure]
Punkte16

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!