PerfreeBlog JWT JwtUtil hard-coded key

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

使用硬编码的密码学密钥

PerfreeBlog 安全漏洞

PerfreeBlog是PerfreeBlog开源的一款基于java开发的博客/CMS建站平台。 PerfreeBlog 4.0.11版本存在安全漏洞，该漏洞源于使用硬编码加密密钥。

N/A

N/A