Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Taier存在JWT硬编码漏洞 #1176

Open
4 tasks done
hhyhgoboy opened this issue Jun 7, 2024 · 0 comments
Open
4 tasks done

Taier存在JWT硬编码漏洞 #1176

hhyhgoboy opened this issue Jun 7, 2024 · 0 comments
Labels
question Further information is requested

Comments

@hhyhgoboy
Copy link

Search before asking

  • I had searched in the issues and found no similar question.

  • I had searched my question on the internet but i didn't get any help.

  • I had read the documentation: Taier doc but it didn't help me.

Description

Taier存在JWT硬编码漏洞。 由于开发者使用硬编码,导致攻击者可以伪造jwt token实现权限绕过随意访问后台数据。 修复建议 使用随机数生成新的密钥 如何修复

Code of Conduct
@hhyhgoboy hhyhgoboy added the question Further information is requested label Jun 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hhyhgoboy