제출 #766444: open-webui 6.16 Use of Hard-coded Cryptographic Key정보

제목open-webui 6.16 Use of Hard-coded Cryptographic Key
설명https://github.com/open-webui/open-webui/blob/4770285c04b81dfc3eb9ac173dfb2a8afef68105/backend/start_windows.bat#L27,In the script By default%WEBUI_SECRET_KEY%%WEBUI_JWT_SECRET_KEY%is equal to""instead of" ". Therefore, in a Windows environment, when using start_windows.bat to start open-webui, a random JWT_SECRET_KEY cannot be generated correctly, but rather a hard coded one. This situation may be vulnerable to JWT forgery attacks
원천⚠️ https://huntr.com/bounties/b9fc7fee-d25d-4100-9703-5e78a61e1ce4
사용자
 I4m6da (UID 95320)
제출2026. 02. 24. PM 01:34 (1 월 ago)
모더레이션2026. 03. 07. PM 06:27 (11 days later)
상태수락
VulDB 항목349701 [open-webui 까지 0.6.16 JWT Key start_windows.bat WEBUI_SECRET_KEY 약한 암호화]
포인트들20

이전개요다음

Might our Artificial Intelligence support you?

Check our Alexa App!