An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret k ...
November 15, 2022
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f6c9420-6297-11ed-9ca2-6c3be5272acd advisory. - Gr ...
November 15, 2022
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under ...
October 17, 2022
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
October 17, 2022
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.
October 17, 2022
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under ...
October 14, 2022