Hardcoded Cryptographic Key Vulnerability in Control ID IDSecure 4.7.26.0 and Prior
CVE-2023-33371 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.
Learn more about our Web Application Penetration Testing UK.