
355 matches found

Snyk
added 2025/07/06 1:40 p.m. · 2 views

Use of Hard-coded Password

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Password via the mySecret argument in the JWT Token Handler process. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded secret value in authentication mechanism...

CVSS 8.1 · AI score 6.9 · EPSS 0.00338
Exploits: 1 · References: 2

NVD
added 2025/07/06 1:15 p.m. · 5 views

CVE-2025-7079

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...

CVSS 8.1 · EPSS 0.00338
Exploits: 1 · References: 4

Vulnrichment
added 2025/07/06 1:2 p.m. · 4 views

CVE-2025-7080 Done-0 Jank JWT Token jwt_utils.go hard-coded password

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...

CVSS 6.3 · AI score 7.1 · EPSS 0.0021
Exploits: 0 · References: 4

CVE
added 2025/07/06 1:2 p.m. · 38 views

CVE-2025-7080

The CVE affects the Done-0 Jank JWT Token Handler (internal/utils/jwt_utils.go). The issue arises from manipulating the arguments accessSecret and refreshSecret (values jank-blog-secret and jank-blog-refresh-secret), which leads to use of a hard-coded password. Exploitation is possible remotely, ...

CVSS 6.3 · AI score 4.3 · EPSS 0.0021
Exploits: 0 · References: 4

Cvelist
added 2025/07/06 1:2 p.m. · 10 views

CVE-2025-7080 Done-0 Jank JWT Token jwt_utils.go hard-coded password

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...

CVSS 6.3 · EPSS 0.0021
Exploits: 0 · References: 4

Cvelist
added 2025/07/06 12:32 p.m. · 9 views

CVE-2025-7079 mao888 bluebell-plus JWT Token jwt.go hard-coded password

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...

CVSS 6.3 · EPSS 0.00338
Exploits: 1 · References: 4

Vulnrichment
added 2025/07/06 12:32 p.m. · 4 views

CVE-2025-7079 mao888 bluebell-plus JWT Token jwt.go hard-coded password

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...

CVSS 6.3 · AI score 4.2 · EPSS 0.00338
Exploits: 1 · References: 4

CVE
added 2025/07/06 12:32 p.m. · 14 views

CVE-2025-7079

The CVE affects mao888 bluebell-plus up to version 2.3.0, specifically the JWT Token Handler in bluebell_backend/pkg/jwt/jwt.go. The issue stems from manipulating the mySecret argument, which leads to a hard-coded password being used. Exploitation can be remote and the attack has high complexity;...

CVSS 8.1 · AI score 4.2 · EPSS 0.00338
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/07/06 12:0 a.m. · 2 views

PT-2025-28072 · Unknown · Mao888 Bluebell-Plus

Name of the Vulnerable Software and Affected Versions: mao888 bluebell-plus versions up to 2.3.0

Description: A problematic vulnerability has been found in the JWT Token Handler component, affecting the processing of the file bluebell_backend/pkg/jwt/jwt.go. The issue involves the manipulation of...

CVSS 6.3 · AI score 4 · EPSS 0.00338
Exploits: 1 · References: 8

Positive Technologies
added 2025/07/06 12:0 a.m. · 7 views

PT-2025-28073 · Unknown · Done-0 Jank

Name of the Vulnerable Software and Affected Versions: Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17

Description: A problematic issue was found in the JWT Token Handler component, specifically in the file internal/utils/jwt_utils.go. The manipulation of the accessSecret/refreshSecret...

CVSS 6.3 · AI score 3.9 · EPSS 0.0021
Exploits: 0 · References: 6

RedhatCVE
added 2025/06/12 9:20 p.m. · 5 views

CVE-2025-35940

The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints...

CVSS 8.1 · AI score 8.1 · EPSS 0.00326
Exploits: 0 · References: 1

Cvelist
added 2025/06/10 8:27 p.m. · 14 views

CVE-2025-35940 Hard-coded ArchiverSpaApi JWT Signing Key

The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints...

CVSS 8.1 · EPSS 0.00326
Exploits: 0 · References: 1

CVE
added 2025/06/10 8:27 p.m. · 66 views

CVE-2025-35940

The CVE-2025-35940 entry concerns ArchiverSpaApi (ASP.NET) that uses a hard-coded JWT signing key. The information across sources indicates an unauthenticated attacker can generate a verifiable JWT token to access protected ArchiverSpaApi endpoints (e.g., /api/v1/login, /users/{id}). The Red Hat ...

CVSS 8.1 · AI score 8.1 · EPSS 0.00326
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/05 9:18 p.m. · 11 views

CVE-2025-49001

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

CVSS 9.8 · AI score 6.8 · EPSS 0.0017
Exploits: 0 · References: 1

NVD
added 2025/06/03 9:15 p.m. · 9 views

CVE-2025-49001

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

CVSS 9.8 · EPSS 0.0017
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/03 8:33 p.m. · 8 views

CVE-2025-49001 Dataease Authentication Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

CVSS 8.7 · AI score 6.5 · EPSS 0.0017
Exploits: 0 · References: 1

OSV
added 2025/06/03 8:33 p.m. · 5 views

CVE-2025-49001 Dataease Authentication Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

CVSS 8.7 · AI score 6.8 · EPSS 0.0017
Exploits: 0 · References: 3

CVE
added 2025/06/03 8:33 p.m. · 91 views

CVE-2025-49001

DataEase (open source BI tool) prior to 2.10.10 is affected by an authentication bypass: secret verification does not take effect, allowing a JWT to be forged with any secret. Multiple sources confirm the issue and its fix in version 2.10.10. Remediation is to upgrade to 2.10.10 or later; no publ...

CVSS 9.8 · AI score 7 · EPSS 0.0017
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/06/03 8:33 p.m. · 18 views

CVE-2025-49001 Dataease Authentication Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

CVSS 8.7 · EPSS 0.0017
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/03 12:0 a.m. · 1 views

PT-2025-23670 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10

Description: The issue concerns ineffective secret verification in DataEase, allowing a user to forge a JWT token using any secret. This could potentially lead to unauthorized access. The problem has been...

CVSS 9.8 · AI score 6 · EPSS 0.0017
Exploits: 0 · References: 11