Vulnerability CVE-2023-36647
Published: 2023-12-12   Modified: 2023-12-14

Description:
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

Type:

CWE-798

Affected software
Prolion -> Cryptospike 

 References:
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647
Copyright 2024, cxsecurity.com

 

Back to Top