Yu-Hsin Lai created SUBMARINE-1417:
--------------------------------------

             Summary: Hard-coded JWT Key Vulnerability
                 Key: SUBMARINE-1417
                 URL: https://issues.apache.org/jira/browse/SUBMARINE-1417
             Project: Apache Submarine
          Issue Type: Bug
            Reporter: Yu-Hsin Lai


A hard-coded JWT (JSON Web Token) key vulnerability has been discovered, 
specifically within 
{{org.apache.submarine.commons.utils.SubmarineConfVars.ConfVars#SUBMARINE_AUTH_DEFAULT_SECRET}},
where the key is hardcoded as {{SUBMARINE_SECRET_12345678901234567890}}. 
It will pose a significant security risk by allowing attackers to generate 
unauthorized JWT tokens, potentially enabling them to bypass authentication 
mechanisms and access sensitive data and functionalities.



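An operator-side check for the issue reported above, as an added example that is not part of the report or of Apache Submarine's code: the first function tells you whether a token issued by your own server still validates under the published default secret, and the second is a startup guard that refuses that default. It assumes the server signs tokens with HS256; the environment variable name `SUBMARINE_AUTH_SECRET` is hypothetical.

```python
import base64
import hashlib
import hmac
import json
import os

# Default value quoted in the issue; every install that keeps it shares one key.
PUBLISHED_DEFAULT = b"SUBMARINE_SECRET_12345678901234567890"
MIN_KEY_BYTES = 32  # RFC 7518 section 3.2: HS256 keys must be at least 256 bits


def _b64url_decode(part: str) -> bytes:
    # JWTs strip base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def token_verifies_under_default(token: str) -> bool:
    """True if a token from your own server validates under the published
    default secret, i.e. the deployment never replaced the key."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:
        return False  # not a well-formed compact JWS
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # assumption: the server signs with HMAC-SHA256
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(PUBLISHED_DEFAULT, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def load_signing_secret(env=os.environ, var="SUBMARINE_AUTH_SECRET") -> bytes:
    """Startup guard: run only with an operator-supplied, strong secret.
    The variable name is hypothetical, not a Submarine setting."""
    secret = env.get(var, "").encode()
    if not secret:
        raise RuntimeError(f"{var} is not set; no built-in fallback is used")
    if hmac.compare_digest(secret, PUBLISHED_DEFAULT):
        raise RuntimeError(f"{var} is the published default secret")
    if len(secret) < MIN_KEY_BYTES:
        raise RuntimeError(f"{var} must be at least {MIN_KEY_BYTES} bytes")
    return secret
```

A `True` result from `token_verifies_under_default` means the signing key should be rotated and tokens issued under the old key treated as untrusted.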