Name of the Vulnerable Software and Affected Versions: egOS WebGUI (affected versions not specified) Description: The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of a hard-coded cryptographic key. This allows attackers to forge authentication tokens, potentially gaining unauthorized access to the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this…Read More