Site icon API Security Blog

D-Link D-View 8 Hard-coded JWT Key (CVE-2023-5074)

The D-Link D-View 8 web server running on the remote host uses a hard-coded key to protect a JWT token. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to bypass authentication to perform otherwise restricted operations.Read More

Exit mobile version