Invia #628233: linlinjava litemall ≤ v1.8.0 Hardcoded JWT Secret(CWE-798)informazioni

Titololinlinjava litemall ≤ v1.8.0 Hardcoded JWT Secret(CWE-798)
DescrizioneA hardcoded JWT secret vulnerability exists in Litemall versions ≤ 1.8.0. The issue is located in: litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java The developers hardcoded the JWT secret directly into the source code, resulting in a predictable and static key for signing JSON Web Tokens (JWTs). This weakness enables attackers to forge valid JWTs, potentially leading to privilege escalation and unauthorized access.
Fonte⚠️ https://github.com/linlinjava/litemall/issues/568
Utente
 ez-lbz (UID 87033)
Sottomissione04/08/2025 17:16 (11 mesi fa)
Moderazione13/08/2025 18:26 (9 days later)
StatoAccettato
Voce VulDB319970 [linlinjava litemall fino a 1.8.0 JSON Web Token JwtHelper.java SECRET autenticazione debole]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Might our Artificial Intelligence support you?

Check our Alexa App!