| Title | https://github.com/getmaxun https://github.com/getmaxun/maxun ≤ v0.0.28 Authentication Bypass by Primary Weakness |
|---|---|
| Description | Maxun has a default JWT encryption key, and the key value is the open-source default value in the official deployment tutorial. This has also been verified in their cloud service. Once an attacker knows this authentication key, they can forge the identity credentials of all users and thus take over the backend. |
| Source | https://gist.github.com/H2u8s/40be31987e52fc81076b6bfcfbdf3cd6 |
| User | 28Hus (UID 92415) |
| Submission | 2025-12-09 03:22 PM (6 months ago) |
| Moderation | 2025-12-26 07:11 PM (17 days later) |
| Status | Accepted |
| VulDB entry | 338476 [getmaxun up to 0.0.28 auth.ts api_key weak encryption] |
| Points | 17 |