KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys

### Summary

The jwt authentication function of kubepi ...

JwtSigKey hardcoded causes the k8s cluster to take over

# Description

The jwt authentication function of kubepi ...

CVE-2023-22463

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker ...

robbert229/jwt’s token validation methods vulnerable to a timing side-channel during HMAC comparison

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine th ...

CVE-2015-10004

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Linktree: Account takeover – improper validation of JWT signature (with regards to expiration date claim)

Some backend services did not properly validate JWTs. As a result JWT validation could be bypassed by setting the expiration date claim to a unix timestamp in the past, and abusing this for account ta ...

CVE-2022-39304

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installa ...
