CVE-2018-14474
views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup...
CVE-2024-8005 demozx gf_cms JWT Authentication auth.go init hard-coded credentials
A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. Th...
Timing Attack
github.com/ginuerzh/gost is vulnerable to Timing Attacks. The vulnerability exists because the Authenticate function of auth.go does not properly compare sensitive secrets such as passwords, tokens and API keys using constant-time comparison, which allows an attacker to guess a secret by observin...