PT-2022-26691 · Goadmin · Go-Admin
B1N4Heo · Published 2022-10-17 · Updated 2022-10-20
CVE-2022-42980
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
go-admin (aka GO Admin) version 2.0.12
Description
The issue concerns the use of a hardcoded string 'go-admin' as a production JWT key in go-admin.
Recommendations
For go-admin version 2.0.12, update the JWT key to a secure, randomly generated value to prevent unauthorized access.
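One way to enforce this recommendation at startup, as an added example that is not go-admin's own code: generate the key from a CSPRNG and refuse to run with the published default or a short key. The JWT_SECRET variable name and the 32-byte minimum are assumptions made for this sketch.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"strings"
)

// knownDefault is the hardcoded key named in the advisory.
const knownDefault = "go-admin"

// minKeyBytes is an assumed policy value (32 bytes of key material).
const minKeyBytes = 32

// NewJWTKey returns a base64url-encoded key built from 32 CSPRNG bytes.
func NewJWTKey() (string, error) {
	buf := make([]byte, minKeyBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// ValidateJWTKey rejects the published default (ignoring case and padding
// whitespace) and any key shorter than minKeyBytes.
func ValidateJWTKey(key string) error {
	if strings.EqualFold(strings.TrimSpace(key), knownDefault) {
		return errors.New("JWT key is the publicly known default")
	}
	if len(key) < minKeyBytes {
		return fmt.Errorf("JWT key is %d bytes, want at least %d", len(key), minKeyBytes)
	}
	return nil
}

func main() {
	// JWT_SECRET is a hypothetical variable name, not a go-admin setting.
	if err := ValidateJWTKey(os.Getenv("JWT_SECRET")); err != nil {
		fmt.Fprintf(os.Stderr, "refusing to start: %v\n", err)
		os.Exit(1)
	}
	fmt.Println("JWT key accepted")
}
```

Tokens issued under the old key stay valid until the key is replaced, so rotating the key also invalidates existing sessions.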
Exploit
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Go-Admin