Description
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a brute-force attack.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:xpand-it:write-back_manager:2.3.1:*:*:*:*:*:*:*
EPSS: 0.00086 (percentile: 25%, low)
CVSS3: 9.1 Critical
Weaknesses
CWE-307
Related vulnerabilities
CVSS3: 9.1
github
about 2 years ago
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a brute-force attack.