Authentication Bypass

github.com/kubevela/kubevela is vulnerable to authentication bypass. The vulnerability exists in `authentication.go` because the users are allowed to use the platformID to re-generate the JWT tokens whic ...

CVE-2022-36083

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JW ...

CVE-2022-36089

KubeVela is an application delivery platform. Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX ...

PYSEC-2022-259

An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other users' identities ...

Exploit for Vulnerability in Oracle Graalvm

# CVE-2022-21449 repo showcasing generation of a base64 signatur...

CVSS3 - HIGH

CVSS2 - MEDIUM

CVE-2022-36672

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.

Use of Hard-coded Credentials

Hardcoded JWT Secret in AgileConfig

CVSS3 - CRITICAL

Use of Hard-coded Credentials in AgileConfig.Client

Hardcoded JWT Secret in AgileConfig

CVSS3 - CRITICAL
