Vulnerability: Impersonation via Hard-Coded Private Key in ProLion CryptoSpike 3.0.15P2

Vulnerability: Impersonation via Hard-Coded Private Key in ProLion CryptoSpike 3.0.15P2

CVE-2023-36647 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

Learn more about our Web App Pen Testing.