This repository has been archived by the owner on Jul 10, 2024. It is now read-only.
Hard-coded JWT Key Vulnerability #1120
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
A hard-coded JWT (JSON Web Token) key vulnerability has been discovered, specifically within
org.apache.submarine.commons.utils.SubmarineConfVars.ConfVars#SUBMARINE_AUTH_DEFAULT_SECRET, where the key is hardcoded asSUBMARINE_SECRET_12345678901234567890. It will pose a significant security risk by allowing attackers to generate unauthorized JWT tokens, potentially enabling them to bypass authentication mechanisms and access sensitive data and functionalities.The text was updated successfully, but these errors were encountered: