8 matches found
CVE-2023-53951
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...
CVE-2023-53951
CVE-2023-53951 concerns Ever Gauzy v0.281.9, where a weak HMAC secret in the JWT authentication implementation allows forging tokens to authenticate with administrative permissions. The vulnerability is evidenced across multiple sources (including Red Hat, NVD/CNNVD-type records, CIRCL sightings,...
EUVD-2025-204596
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...
CVE-2023-53951 Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...
Use Of Hard-Coded Credentials
@evershop/evershop is vulnerable to the Use Of Hard-Coded Credentials. The vulnerability is due to the exposure of a weak HMAC secret. Attackers can use the predictable secret to create valid JSON Web Tokens JWT, which allows them access to sensitive information...
EverShop at risk to unauthorized access via weak HMAC secret
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.9. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...
CVE-2023-46943
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...
ever gauzy v0.281.9 - JWT weak HMAC secret Vulnerability
Exploit Title: ever gauzy v0.281.9 - JWT weak HMAC secret Author: nu11secur1ty Vendor: https://gauzy.co/ Software: https://github.com/ever-co/ever-gauzy/releases/tag/v0.281.9 Reference: https://portswigger.net/kb/issues/00200903jwt-weak-hmac-secret Description: It was, detected a JWT signed using...