Flowise: Weak Default JWT Secrets

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Severity | Critical | | Location | packages/server/src/enterprise/middleware/passport/index.ts:29-34 | | Practical Exploitability | High | | Developer Approver | [email protected] | Description JWT secrets have weak...

PT-2024-10395 · Unknown · Mxview One

Name of the Vulnerable Software and Affected Versions: MXview One affected versions not specified Description: The issue allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure...

Weak JWT Secrets

github.com/IceWhaleTech/CasaOS is vulnerable to Weak JWT Secrets. The vulnerability exists because the InitV1Router function of v1.go and InitV2Router function of v2.go does not properly validate the JWT tokens, which allows an attacker to send maliciously crafted JWTs and access the features tha...

340 weak JWT secrets you should check in your code

JSON Web Token JWT is the data format with bill-in signature and encryption mechanisms that are often used by modern web applications to store user sessions and application context, including authentication by SSO and meta-data. Usually, you can find JWT tokens in an Authentication Bearer HTTP...