| शीर्षक | https://github.com/Done-0 https://github.com/Done-0/Jank 9b7b0cb Authorization Bypass |
|---|
| विवरण |
The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms. You can easily forge a valid Token and create any posts or comments with it.
Details can be found in https://github.com/Done-0/Jank/issues/9. |
|---|
| स्रोत | ⚠️ https://github.com/Done-0/Jank/issues/9 |
|---|
| उपयोगकर्ता | Tritium (UID 50779) |
|---|
| सबमिशन | 25/06/2025 01:07 PM (10 महीनों पहले) |
|---|
| संयम | 05/07/2025 02:48 PM (10 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 314994 [Done-0 Jank तक 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret कमजोर प्रमाणीकरण] |
|---|
| अंक | 18 |
|---|