GHSA-G962-2J28-3CG9 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes
Summary: When JWT authentication is configured using either authJwtPubKeyPath (local RSA public key) or authJwtHmacSecret (HMAC secret), the configured audience value authJwtAud is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted...
PT-2021-9837 · Mofi Network +1 · Mofi4500-4Gxelte +1
Name of the Vulnerable Software and Affected Versions: Mofi Network MOFI4500-4GXeLTE version 4.1.5-std
Description: An issue was discovered where the Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom...