9 matches found
CVE-2025-68620
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated...
Authentication Bypass Using an Alternate Path or Channel
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the startServerEvents and queryRequest functions. When allowreadonly is enabled, an unauthenticated...
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...
EUVD-2025-206136
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...
GHSA-FQ56-HVG6-WVM5 Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...
CVE-2025-68620 Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated...
CVE-2025-68620
CVE-2025-68620 concerns Signal K Server (v2.19.0 prior) where two flaws enable JWT token theft without authentication. First, Unauthenticated WebSocket Request Enumeration: connecting to the stream endpoint with serverevents=all exposes cached ACCESS_REQUEST events to readonly/unauthenticated use...
CVE-2025-68620 Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated...
Signal K Server 安全漏洞
Signal K Server is a ship centralized server from Signal K open source. A security vulnerability exists in Signal K Server versions prior to 2.19.0 that stems from unauthenticated WebSocket request enumeration and token polling functionality that can be exploited by links, potentially leading to ...