| Title | demozx gf_cms None Hard-coded Credentials |
|---|
| Description |

```go
func init() {
	service.RegisterAuth(New())
	auth := jwt.New(&jwt.GfJWTMiddleware{
		Realm:           "test zone",
		Key:             []byte("secret key"), // hard-coded JWT signing key
		Timeout:         time.Minute * 5,
		MaxRefresh:      time.Minute * 5,
		IdentityKey:     "id",
		TokenLookup:     "header: Authorization, query: token, cookie: jwt",
		TokenHeadName:   "Bearer",
		TimeFunc:        time.Now,
		Authenticator:   Auth().Authenticator,
		Unauthorized:    Auth().Unauthorized,
		PayloadFunc:     Auth().PayloadFunc,
		IdentityHandler: Auth().IdentityHandler,
	})
	authService = auth
}
```

In file `internal/logic/auth/auth.go`, line 37, there is a hard-coded key (`Key`) value, namely "secret key". Hard-coded credentials (such as keys, passwords, API keys, etc.) are one of the common mistakes of security development. If an attacker has access to these hard-coded credentials, they may be able to exploit this data to access a system or service. Hard-coded credentials often lead to security risks because they make it easier for attackers to obtain sensitive information and potentially use it to perform malicious activities.
|---|
| Source | ⚠️ https://github.com/demozx/gf_cms/issues/5 |
|---|
| User | zihe (UID 56943) |
|---|
| Submission | 2024. 08. 19. PM 02:40 (2 years ago) |
|---|
| Moderation | 2024. 08. 20. AM 10:16 (20 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 275199 [demozx gf_cms 1.0/1.0.1 JWT Authentication auth.go init weak authentication] |
|---|
| Points | 20 |
|---|
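
One way to remove the hard-coded `Key` described above, as an added example that is not code from gf_cms or from the submission: the signing key is read from the environment at startup, and the literal from `auth.go`, other placeholders and short keys are rejected. The variable name `JWT_SIGNING_KEY`, the helper names and the 32-byte minimum (which assumes HS256 signing) are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"strings"
)

// minKeyLen: 32 random bytes, the HMAC-SHA256 output size (assumes HS256 signing).
const minKeyLen = 32
// knownWeak holds placeholders to reject; "secret key" is the literal from auth.go.
var knownWeak = map[string]bool{"secret key": true, "secret": true, "changeme": true}

// LoadJWTKey validates the base64 key in JWT_SIGNING_KEY (hypothetical variable name).
func LoadJWTKey(getenv func(string) string) ([]byte, error) {
	raw := strings.TrimSpace(getenv("JWT_SIGNING_KEY"))
	if raw == "" {
		return nil, errors.New("JWT_SIGNING_KEY is not set")
	}
	if knownWeak[strings.ToLower(raw)] {
		return nil, errors.New("JWT_SIGNING_KEY is a known placeholder")
	}
	key, err := base64.StdEncoding.DecodeString(raw)
	if err != nil {
		return nil, fmt.Errorf("JWT_SIGNING_KEY is not base64: %w", err)
	}
	if len(key) < minKeyLen {
		return nil, fmt.Errorf("key is %d bytes, need at least %d", len(key), minKeyLen)
	}
	return key, nil
}

// NewJWTKey returns a random key, base64-encoded for a secret store.
func NewJWTKey() (string, error) {
	buf := make([]byte, minKeyLen)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf), nil
}

func main() {
	if _, err := LoadJWTKey(os.Getenv); err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
}
```

The returned bytes would be passed as the `Key` field of `jwt.GfJWTMiddleware` in place of the literal; rotating the key invalidates tokens signed with the old one.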