Vulnerability: Impersonation via Hard-Coded Private Key in ProLion CryptoSpike 3.0.15P2
CVE-2023-36647 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
Learn more about our Web App Pen Testing.