Submission #659843: CRMeB v5.6.1 Use of hard-coded / weak cryptographic key (CWE-321 / CWE-798) — Info

Title: CRMeB v5.6.1 Use of hard-coded / weak cryptographic key (CWE-321 / CWE-798)

Description:

CRMeB ships with a weak, predictable default JWT HMAC secret value set to "default". The official demo instance (v5.crmeb.net) and fresh deployments use the same default secret. Because the HMAC secret is known/predictable, an attacker can sign arbitrary HS256 JWTs that the server will accept. This allows forging tokens that impersonate any user (including administrators), resulting in authentication bypass, privilege escalation (administrator takeover), and unauthorized access to protected APIs and sensitive business data.

Reproduction (concise)

1. Obtain a JWT issued by the CRMeB demo or deploy a fresh CRMeB instance.
2. Confirm the iss claim (e.g., v5.crmeb.net) in the token payload.
3. Use the known secret "default" to sign an HS256 JWT with elevated claims (for example, {"jti":{"id":5,"type":"admin"}}).
4. Send the forged token in Authorization: Bearer <forged_jwt> to protected/admin endpoints — the server accepts the token and grants access.

Evidence

• Observed JWT from demo: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9....V3jebfZZJPpfLBT0TTu53rxSZfaNB4U-zusdikcJSFk (full token available).
• Recovered HMAC secret: default.
• iss claim points to v5.crmeb.net, confirming demo origin.

Impact

• Authentication bypass (any account impersonation)
• Privilege escalation / administrator takeover
• Unauthorized access and potential data exfiltration

Suggested remediation (short)

• Remove hard-coded/weak default secrets. Generate a strong random JWT secret at install time and require administrators to set/rotate it.
• Invalidate tokens signed with the default secret and add documentation/warnings about secret management.

Official demonstration website address: https://v5.crmeb.net/admin/login?redirect=%2Fadmin%2Findex
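The remediation suggested above (refuse a default or weak JWT HMAC secret and generate a strong random one instead), as an added example; this is not CRMeB's own code, and the config key name jwt_secret, the blocklist contents and the thresholds are assumptions for illustration.

```python
"""Startup guard for a JWT HS256 secret (added example, not CRMeB code)."""
import math
import secrets
from collections import Counter

# Assumed blocklist of known default values; "default" is the one the report names.
WEAK_DEFAULTS = {"default", "secret", "changeme", "password", ""}
MIN_LENGTH = 32          # HS256 key should carry at least 256 bits of material
MIN_BITS_PER_CHAR = 3.0  # crude Shannon-entropy floor, catches "aaaa..." style values


def shannon_bits_per_char(s: str) -> float:
    """Estimate bits of entropy per character from the character frequency."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def check_jwt_secret(secret: str) -> tuple[bool, str]:
    """Return (ok, reason): reject known defaults, short and low-entropy secrets."""
    if secret.strip().lower() in WEAK_DEFAULTS:
        return False, "known default/weak secret"
    if len(secret) < MIN_LENGTH:
        return False, f"secret shorter than {MIN_LENGTH} characters"
    if shannon_bits_per_char(secret) < MIN_BITS_PER_CHAR:
        return False, "low-entropy secret"
    return True, "ok"


def generate_jwt_secret(nbytes: int = 32) -> str:
    """256-bit CSPRNG secret, hex-encoded, to be set at install time."""
    return secrets.token_hex(nbytes)


def load_or_fail(config: dict) -> str:
    """Refuse to start instead of silently falling back to a default secret."""
    secret = config.get("jwt_secret", "")  # hypothetical config key
    ok, reason = check_jwt_secret(secret)
    if not ok:
        raise RuntimeError(
            f"refusing to start: JWT secret rejected ({reason}); "
            "set jwt_secret to the output of generate_jwt_secret()"
        )
    return secret
```

Rotating to a fresh secret also invalidates every token signed under "default", since the old signatures no longer verify.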
User: BlackSpdier (UID 89912)
Submitted: 2025. 09. 22. AM 11:01 (7 months ago)
Moderation: 2025. 10. 04. PM 08:31 (12 days later)
Status: Accepted
VulDB entry: 327171 [CRMEB up to 5.6.1 JWT HMAC Secret secret weak encryption]
Points: 17
