| Title | https://github.com/getmaxun https://github.com/getmaxun/maxun ≤ v0.0.28 Authentication Bypass by Primary Weakness |
|---|
| Description | Maxun has a default JWT encryption key, and the key value is the open-source default value in the official deployment tutorial. This has also been verified in their cloud service. Once an attacker knows this authentication key, they can forge the identity credentials of all users and thus take over the backend. |
|---|
| Source | ⚠️ https://gist.github.com/H2u8s/40be31987e52fc81076b6bfcfbdf3cd6 |
|---|
| User | 28Hus (UID 92415) |
|---|
| Submission | 12/09/2025 15:22 (6 months ago) |
|---|
| Moderation | 12/26/2025 19:11 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 338476 [getmaxun up to 0.0.28 auth.ts api_key hard-coded key] |
|---|
| Points | 17 |
|---|