Hard-coded JWT Secret in Headwind MDM Web Panel 5.22.1 Allows for Incorrect Access Control
CVE-2023-47315 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens.
Learn more about our Web App Pen Testing.