A CWE-321 "Use of Hard-coded Cryptographic Key" in the...
High severity
Unreviewed
Published
Feb 12, 2025
to the GitHub Advisory Database
•
Updated Feb 12, 2025
Description
Published by the National Vulnerability Database
Feb 12, 2025
Published to the GitHub Advisory Database
Feb 12, 2025
Last updated
Feb 12, 2025
A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via crafted HTTP requests.
References