Hardcoded Cryptographic Key Vulnerability in Control ID IDSecure 4.7.26.0 and Prior

CVE-2023-33371 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key to sign and verify JWT session tokens, which allows attackers to sign arbitrary session tokens and bypass authentication.
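
The sketch below is an added illustration, not Control ID's code: it shows why a signing key shipped in every copy of a product makes a token minted on one installation valid on any other, and how a random key generated per installation closes that. HS256, the placeholder key and the names `SHIPPED_KEY`, `Install` and `accepted_elsewhere` are assumptions made for the example; the advisory does not state the algorithm or the key.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed placeholder, NOT the product's key: stands in for any key
# compiled into every copy of an application.
SHIPPED_KEY = b"example-key-compiled-into-every-install"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT (algorithm assumed; the advisory names none)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(mac)}"

def verify(token: str, key: bytes):
    """Return the claims if signature and expiry check out, else None."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token

class Install:
    """One deployment; per_install_key=True generates a random secret at setup."""
    def __init__(self, per_install_key: bool):
        self.key = secrets.token_bytes(32) if per_install_key else SHIPPED_KEY

def accepted_elsewhere(per_install_key: bool) -> bool:
    """Does a token minted on one install authenticate on a different one?"""
    a, b = Install(per_install_key), Install(per_install_key)
    token = sign({"sub": "admin", "exp": time.time() + 300}, a.key)
    return verify(token, b.key) is not None
```

With the shipped key, `accepted_elsewhere(False)` is true because anyone holding a copy of the software holds the verification secret; with per-installation keys the same token is rejected.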
