3 matches found
CVE-2024-53356
Weak JWT Secret vulnerabilitiy in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the...
CVE-2022-44796
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...
CVE-2021-27884
Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...