| Название | https://github.com/getmaxun https://github.com/getmaxun/maxun ≤ v0.0.28 Authentication Bypass by Primary Weakness |
|---|
| Описание | Maxun has a default JWT encryption key, and the key value is the open-source default value in the official deployment tutorial. This has also been verified in their cloud service. Once an attacker knows this authentication key, they can forge the identity credentials of all users and thus take over the backend. |
|---|
| Источник | ⚠️ https://gist.github.com/H2u8s/40be31987e52fc81076b6bfcfbdf3cd6 |
|---|
| Пользователь | 28Hus (UID 92415) |
|---|
| Представление | 09.12.2025 15:22 (6 месяцы назад) |
|---|
| Модерация | 26.12.2025 19:11 (17 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 338476 [getmaxun до 0.0.28 auth.ts api_key слабое шифрование] |
|---|
| Баллы | 17 |
|---|