CVE-2023-47315
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on GitHub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...
CVE-2025-30206
Dpanel uses a hard-coded JWT secret in its default configuration, enabling attackers to forge valid tokens and bypass authentication, potentially gaining full control of the host. The GO-2025-3612 entry cites remote code execution as the outcome of this flaw in github.com/donknap/dpanel. The advi...
CVE-2024-29855
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator...
CVE-2024-29855
CVE-2024-29855 affects Veeam Recovery Orchestrator (VRO) Web Console. The root cause is a hard-coded JWT secret that enables authentication bypass, allowing an attacker to gain administrative access to the VRO web UI. Affected releases include VRO versions prior to the patched builds. According t...
CVE-2023-47315
Headwind MDM Web panel 5.22.1 is affected by CVE-2023-47315 due to a hard-coded JWT secret that signs and verifies tokens, enabling Incorrect Access Control. The secret is embedded in the source, which is publicly accessible, allowing token forgery or tampering. Impact is described as high (CVSS ...