User credentials are stored using AES‑ECB encryption with...
Critical severity
Unreviewed
Published
Feb 9, 2026
to the GitHub Advisory Database
•
Updated Feb 9, 2026
Description
Published by the National Vulnerability Database
Feb 9, 2026
Published to the GitHub Advisory Database
Feb 9, 2026
Last updated
Feb 9, 2026
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.
References