Enviar #710256: https://github.com/getmaxun https://github.com/getmaxun/maxun ≤ v0.0.28 Authentication Bypass by Primary Weaknessinformación

Títulohttps://github.com/getmaxun https://github.com/getmaxun/maxun ≤ v0.0.28 Authentication Bypass by Primary Weakness
DescripciónMaxun has a default JWT encryption key, and the key value is the open-source default value in the official deployment tutorial. This has also been verified in their cloud service. Once an attacker knows this authentication key, they can forge the identity credentials of all users and thus take over the backend.
Fuente⚠️ https://gist.github.com/H2u8s/40be31987e52fc81076b6bfcfbdf3cd6
Usuario
 28Hus (UID 92415)
Sumisión2025-12-09 15:22 (hace 6 meses)
Moderación2025-12-26 19:11 (17 days later)
EstadoAceptado
Entrada de VulDB338476 [getmaxun hasta 0.0.28 auth.ts api_key cifrado débil]
Puntos17

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!