| 제목 | https://github.com/actiontech https://github.com/actiontech/sqle ≤4.2511.0 Authentication Bypass by Primary Weakness |
|---|
| 설명 | The SQLE file contains a hard-coded JWT authentication key and valid JWT credentials. An attacker could exploit this vulnerability to bypass the system's authentication credential mechanism and gain full system privileges. Regarding the default JWT key, once the system is deployed, the JWT encryption key will be []byte("secret"). Furthermore, the codebase also hard-coded a super administrator's credential that would not expire until 2073, posing a significant security risk to the system. |
|---|
| 원천 | ⚠️ https://github.com/actiontech/sqle/issues/3186 |
|---|
| 사용자 | 28Hus (UID 92415) |
|---|
| 제출 | 2025. 12. 09. PM 03:59 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 27. AM 12:07 (17 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 338478 [actiontech sqle 까지 4.2511.0 JWT Secret sqle/utils/jwt.go JWTSecretKey 약한 암호화] |
|---|
| 포인트들 | 20 |
|---|