| Title | https://github.com/getmaxun https://github.com/getmaxun/maxun ≤ v0.0.28 Authentication Bypass by Primary Weakness |
|---|---|
| Description | Maxun has a default JWT encryption key, and the key value is the open-source default value in the official deployment tutorial. This has also been verified in their cloud service. Once an attacker knows this authentication key, they can forge the identity credentials of all users and thus take over the backend. |
| Source | ⚠️ https://gist.github.com/H2u8s/40be31987e52fc81076b6bfcfbdf3cd6 |
| User | 28Hus (UID 92415) |
| Submission | December 9, 2025 15:22 (6 months ago) |
| Moderation | December 26, 2025 19:11 (17 days later) |
| Status | Accepted |
| VulDB entry | 338476 [getmaxun up to 0.0.28 auth.ts api_key weak encryption] |
| Points | 17 |