Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This ...
January 4, 2024
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode. B ...
January 4, 2024
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This ...
December 21, 2023
github.com/navidrome/navidrome is vulnerable to Authentication bypass. The vulnerability is due to the DefaultGet function within auth.go which is used to retrieve the JWT secret key from the database ...
December 21, 2023
Summary: A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizi ...
December 20, 2023
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce...
December 20, 2023
Summary: A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizi ...
December 19, 2023