| 제목 | https://github.com/Done-0 https://github.com/Done-0/Jank 9b7b0cb Authorization Bypass |
|---|
| 설명 |
The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms. You can easily forge a valid Token and create any posts or comments with it.
Details can be found in https://github.com/Done-0/Jank/issues/9. |
|---|
| 원천 | ⚠️ https://github.com/Done-0/Jank/issues/9 |
|---|
| 사용자 | Tritium (UID 50779) |
|---|
| 제출 | 2025. 06. 25. PM 01:07 (10 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 05. PM 02:48 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 314994 [Done-0 Jank 까지 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret 약한 인증] |
|---|
| 포인트들 | 18 |
|---|