### Summary The jwt authentication function of kubepi Read More ...
Continue Reading06 января, 2023
# Description The jwt authentication function of kubepi Read More ...
Continue Reading06 января, 2023
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker ...
Continue Reading04 января, 2023
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine th ...
Continue Reading31 декабря, 2022
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine th ...
Continue Reading31 декабря, 2022
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading28 декабря, 2022
Some backend services did not properly validate JWTs. As a result JWT validation could be bypassed by setting the expiration date claim to a unix timestamp in the past, and abusing this for account ta ...
Continue Reading26 декабря, 2022
ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installa ...
Continue Reading22 декабря, 2022
Back to Main