  1. Apache Submarine
  2. SUBMARINE-1417

Hard-coded JWT Key Vulnerability


Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved

    Description

      A hard-coded JWT (JSON Web Token) key vulnerability has been discovered, specifically within org.apache.submarine.commons.utils.SubmarineConfVars.ConfVars#SUBMARINE_AUTH_DEFAULT_SECRET, where the key is hardcoded as SUBMARINE_SECRET_12345678901234567890. It will pose a significant security risk by allowing attackers to generate unauthorized JWT tokens, potentially enabling them to bypass authentication mechanisms and access sensitive data and functionalities.

          People

            Assignee: Unassigned
            Reporter: Yu-Hsin Lai (yuhsinlai)
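One way to close the gap this report describes is to resolve the signing secret at startup and refuse the published default. This is an added example, not code from the report or from Apache Submarine. The class name, the `SUBMARINE_AUTH_SECRET` environment variable and the HMAC-SHA256 key-length floor are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

/** Added example: resolves the JWT signing secret and refuses the published default. */
public final class AuthSecretGuard {
    // Value quoted in the issue description; it is public, so it cannot act as a secret.
    private static final String PUBLISHED_DEFAULT = "SUBMARINE_SECRET_12345678901234567890";
    // Assumption: tokens are signed with HMAC-SHA256, so require at least 256 bits of key.
    private static final int MIN_KEY_BYTES = 32;

    /** @param configured operator-supplied value, or null/blank when nothing is set */
    static byte[] resolveSecret(String configured) {
        if (configured == null || configured.isBlank()) {
            // Nothing configured: use a random per-process key, never a shared constant.
            // Tokens stop verifying after a restart and across replicas, which fails
            // closed; multi-node deployments must configure one secret explicitly.
            byte[] key = new byte[MIN_KEY_BYTES];
            new SecureRandom().nextBytes(key);
            return key;
        }
        byte[] key = configured.getBytes(StandardCharsets.UTF_8);
        byte[] published = PUBLISHED_DEFAULT.getBytes(StandardCharsets.UTF_8);
        // The default is 37 bytes long, so a length check alone would accept it.
        if (MessageDigest.isEqual(key, published)) {
            throw new IllegalStateException("JWT secret is the published default; set a unique value");
        }
        if (key.length < MIN_KEY_BYTES) {
            throw new IllegalStateException("JWT secret is shorter than " + MIN_KEY_BYTES + " bytes");
        }
        return key;
    }

    public static void main(String[] args) {
        // SUBMARINE_AUTH_SECRET is a hypothetical variable name used only in this example.
        String[] samples = { System.getenv("SUBMARINE_AUTH_SECRET"), PUBLISHED_DEFAULT, "short" };
        for (String sample : samples) {
            try {
                System.out.println("accepted key of " + resolveSecret(sample).length + " bytes");
            } catch (IllegalStateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Any deployment that ran with the default should also treat previously issued tokens as untrusted once the secret is changed, since they were signed with a publicly known key.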