| tiêu đề | datavane datavanes <= 1.0.0-SNAPSHOT Improper Authentication |
|---|
| Mô tả | Datavines through the latest version has a JWT authentication bypass vulnerability in TokenManager.java and AuthenticationInterceptor.java. The JWT signing secret is hardcoded as a default value "asdqwe" in @Value("${jwt.token.secret:asdqwe}"), and the configuration key is absent from application.yaml, causing all default deployments to use the same secret. Additionally, AuthenticationInterceptor.preHandle() validates the token password by comparing it against itself (extracted from the same token via tokeManager.getPassword(token)) rather than against the database record, making the password check always pass. An unauthenticated attacker can forge a valid JWT token for any user (including admin) and gain full access to all protected API endpoints without knowing any credentials. |
|---|
| Nguồn | ⚠️ https://github.com/datavane/datavines/issues/580 |
|---|
| Người dùng | anch0r (UID 96691) |
|---|
| Đệ trình | 05/04/2026 09:38 (cách đây 23 ngày) |
|---|
| Kiểm duyệt | 25/04/2026 12:32 (20 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 359597 [Datavane Datavines đến 13607645e14a4982468cfdbcf75c85cde63bae71 JWT Token TokenManager.java tokenSecret mã hóa yếu] |
|---|
| điểm | 20 |
|---|