Site icon API Security Blog

Use Of Hard-Coded Credentials

@evershop/evershop is vulnerable to the Use Of Hard-Coded Credentials. The vulnerability is due to the exposure of a weak HMAC secret. Attackers can use the predictable secret to create valid JSON Web Tokens (JWT), which allows them access to sensitive…Read More

Exit mobile version