Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This ...
Continue Reading
04 января, 2024
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode. B ...
Continue Reading
04 января, 2024
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This ...
Continue Reading
21 декабря, 2023
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This ...
Continue Reading
21 декабря, 2023
github.com/navidrome/navidrome is vulnerable to Authentication bypass. The vulnerability is due to the DefaultGet function within auth.go which is used to retrieve the JWT secret key from the database ...
Continue Reading
21 декабря, 2023
Summary A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizi ...
Continue Reading
20 декабря, 2023
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce...Read More ...
Continue Reading
20 декабря, 2023
Summary A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizi ...
Continue Reading
19 декабря, 2023
Back to Main
