Vulnerability CVE-2023-36647


Published: 2023-12-12   Modified: 2023-12-14

Description:
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

Type:

CWE-798

Affected software
Prolion -> Cryptospike 

 References:
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647

Copyright 2024, cxsecurity.com

 

Back to Top