Critical Hard-Coded Secret Flaw Found in clawvet API Server
A hard-coded JWT secret in clawvet API versions before 0.7.5 allows unauthenticated remote attackers to forge session cookies and steal sensitive user data.
2 results for “jwt”
A hard-coded JWT secret in clawvet API versions before 0.7.5 allows unauthenticated remote attackers to forge session cookies and steal sensitive user data.
A critical vulnerability in the Clawvet self-hosted API server allows unauthenticated attackers to forge session cookies and hijack user accounts.