Submit #710256: https://github.com/getmaxun https://github.com/getmaxun/maxun ≤ v0.0.28 Authentication Bypass by Primary Weakness

Title: https://github.com/getmaxun https://github.com/getmaxun/maxun ≤ v0.0.28 Authentication Bypass by Primary Weakness
Description: Maxun has a default JWT encryption key, and the key value is the open-source default value in the official deployment tutorial. This has also been verified in their cloud service. Once an attacker knows this authentication key, they can forge the identity credentials of all users and thus take over the backend.
Source: ⚠️ https://gist.github.com/H2u8s/40be31987e52fc81076b6bfcfbdf3cd6
User: 28Hus (UID 92415)
Submission: 09/12/2025 15:22 (6 months ago)
Moderation: 26/12/2025 19:11 (17 days later)
Status: Accepted
VulDB entry: 338476 [getmaxun up to 0.0.28 auth.ts api_key weak encryption]
Points: 17
