Hard-coded Cryptographic Key

cn.hippo4j, hippo4j-core is vulnerable to use of hard-coded cryptographic key. The vulnerability is due to a hard-coded secret key in JWT creation, which allows an attacker to forge valid access tokens and impersonate any user, including privileged ones like…Read More