CVE-2023-47315

Name of the Vulnerable Software and Affected Versions Headwind MDM Web panel version 5.22.1

Description The issue is related to the use of hard-coded credentials in the JWT Secret Handler component of the Headwind MDM software. This allows a remote attacker to gain access to credentials by creating arbitrary JWT tokens on behalf of arbitrary users. The hard-coded JWT Secret is embedded in the source code, which is publicly available, and is used for signing and verifying user-supplied tokens.

Recommendations For Headwind MDM Web panel version 5.22.1, consider disabling the JWT Secret Handler component until a patch is available to prevent exploitation. Restrict access to the Web panel to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.