Submit #752756: rachelos WeRSS WeRSS<=1.4.8 Weak Authentication

Title: rachelos WeRSS WeRSS<=1.4.8 Weak Authentication
Description: WeRSS (https://github.com/rachelos/we-mp-rss/) uses hardcoded weak default JWT secret keys, and the default key in the configuration file is also predictable (project name). Attackers can use these default keys to forge valid administrator tokens, completely bypassing authentication. Detail: https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
Source: https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
User: din4 (UID 50867)
Submission: 05/02/2026 08:57 (3 months ago)
Moderation: 08/02/2026 09:30 (3 days later)
Status: Accepted
VulDB Entry: 344932 [rachelos WeRSS we-mp-rss up to 1.4.8 JWT core/auth.py SECRET_KEY information disclosure]
Points: 16
