제출 #752756: rachelos WeRSS WeRSS<=1.4.8 Weak Authentication정보

제목	rachelos WeRSS WeRSS<=1.4.8 Weak Authentication
설명	WeRSS(https://github.com/rachelos/we-mp-rss/) uses hardcoded weak default JWT secret keys, and the default key in the configuration file is also predictable (project name). Attackers can use these default keys to forge valid administrator tokens, completely bypassing authentication detail:https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
원천	⚠️ https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
사용자	din4 (UID 50867)
제출	2026. 02. 05. AM 08:57 (3 개월 ago)
모더레이션	2026. 02. 08. AM 09:30 (3 days later)
상태	수락
VulDB 항목	344932 [rachelos WeRSS we-mp-rss 까지 1.4.8 JWT core/auth.py SECRET_KEY 정보 공개]
포인트들	16

Interested in the pricing of exploits?

See the underground prices here!