Submit #603746: https://github.com/Done-0 https://github.com/Done-0/Jank 9b7b0cb Authorization Bypass

Title: https://github.com/Done-0 https://github.com/Done-0/Jank 9b7b0cb Authorization Bypass
Description: The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms. You can easily forge a valid Token and create any posts or comments with it. Details can be found in https://github.com/Done-0/Jank/issues/9.
Source: ⚠️ https://github.com/Done-0/Jank/issues/9
User: Tritium (UID 50779)
Submission: 25/06/2025 13:07 (10 months ago)
Moderation: 05/07/2025 14:48 (10 days later)
Status: Accepted
VulDB entry: 314994 [Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret weak authentication]
Points: 18
