Enviar #710380: https://github.com/actiontech https://github.com/actiontech/sqle ≤4.2511.0 Authentication Bypass by Primary Weaknessinformación

Títulohttps://github.com/actiontech https://github.com/actiontech/sqle ≤4.2511.0 Authentication Bypass by Primary Weakness
DescripciónThe SQLE file contains a hard-coded JWT authentication key and valid JWT credentials. An attacker could exploit this vulnerability to bypass the system's authentication credential mechanism and gain full system privileges. Regarding the default JWT key, once the system is deployed, the JWT encryption key will be []byte("secret"). Furthermore, the codebase also hard-coded a super administrator's credential that would not expire until 2073, posing a significant security risk to the system.
Fuente⚠️ https://github.com/actiontech/sqle/issues/3186
Usuario
 28Hus (UID 92415)
Sumisión2025-12-09 15:59 (hace 6 meses)
Moderación2025-12-27 00:07 (17 days later)
EstadoAceptado
Entrada de VulDB338478 [actiontech sqle hasta 4.2511.0 JWT Secret sqle/utils/jwt.go JWTSecretKey cifrado débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!