Submit #603746: https://github.com/Done-0 https://github.com/Done-0/Jank 9b7b0cb Authorization Bypass

Title: https://github.com/Done-0 https://github.com/Done-0/Jank 9b7b0cb Authorization Bypass
Description: The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms. You can easily forge a valid Token and create any posts or comments with it. Details can be found in https://github.com/Done-0/Jank/issues/9.
Source: https://github.com/Done-0/Jank/issues/9
User: Tritium (UID 50779)
Submission: 06/25/2025 13:07 (10 months ago)
Moderation: 07/05/2025 14:48 (10 days later)
Status: Accepted
VulDB entry: 314994 [Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret hard-coded password]
Points: 18
