Enviar #752756: rachelos WeRSS WeRSS<=1.4.8 Weak Authenticationinformación

Título	rachelos WeRSS WeRSS<=1.4.8 Weak Authentication
Descripción	WeRSS(https://github.com/rachelos/we-mp-rss/) uses hardcoded weak default JWT secret keys, and the default key in the configuration file is also predictable (project name). Attackers can use these default keys to forge valid administrator tokens, completely bypassing authentication detail:https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
Fuente	⚠️ https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
Usuario	din4 (UID 50867)
Sumisión	2026-02-05 08:57 (hace 3 meses)
Moderación	2026-02-08 09:30 (3 days later)
Estado	Aceptado
Entrada de VulDB	344932 [rachelos WeRSS we-mp-rss hasta 1.4.8 JWT core/auth.py SECRET_KEY divulgación de información]
Puntos	16

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!