2 matches found
The vulnerability of the management console for the service mesh based on Kiali in Istio, related to the use of a hard-coded encryption key, allows attackers to escalate their privileges.
The vulnerability of the management console for the Istio Kiali service mesh is related to the use of a strictly encrypted encryption key. Exploiting this vulnerability allows an attacker to enhance their privileges by creating self-signed access tokens...
PT-2020-2707 · Istio · Kiali
Name of the Vulnerable Software and Affected Versions: Kiali versions prior to 1.15.1 Description: The issue is related to a hard-coded cryptographic key in the default configuration file of Kiali, which is part of the Istio service mesh. This flaw can be exploited by a remote attacker to create...