CVE-2022-44796

An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret k ...

CVSS3 - CRITICAL

TeamFiltration – Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts

FreeBSD : Grafana — Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6f6c9420-6297-11ed-9ca2-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f6c9420-6297-11ed-9ca2-6c3be5272acd advisory. - Gr ...

CVE-2022-31130

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under ...

CVE-2022-42980

go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.

CVE-2022-42983

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.
