| Title | https://github.com/macrozheng/mall <=1.0.3 JWT Secret Hardcoded leads to Account Take Over |
|---|---|
| Description | A JWT secret hardcoded in YAML files is generally considered a security vulnerability. If users use default secrets or if they are leaked, it will allow attackers to take over arbitrary accounts by forging JWT tokens. |
| Source | https://github.com/zast-ai/vulnerability-reports/blob/main/mall/JWT_secret_hardcoded.md |
| User | ZAST.AI (UID 87884) |
| Submission | 07/14/2025 11:53 (9 months ago) |
| Moderation | 07/25/2025 10:54 (11 days later) |
| Status | Duplicate |
| VulDB entry | 285842 [macrozheng mall up to 1.0.3 JWT Token default key] |
| Points | 0 |