[
https://issues.apache.org/jira/browse/SUBMARINE-1417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated SUBMARINE-1417:
--------------------------------------
Labels: pull-request-available (was: )
> Hard-coded JWT Key Vulnerability
> --------------------------------
>
> Key: SUBMARINE-1417
> URL: https://issues.apache.org/jira/browse/SUBMARINE-1417
> Project: Apache Submarine
> Issue Type: Bug
> Reporter: Yu-Hsin Lai
> Priority: Major
> Labels: pull-request-available
>
> A hard-coded JWT (JSON Web Token) key vulnerability has been discovered,
> specifically within
> {{org.apache.submarine.commons.utils.SubmarineConfVars.ConfVars#SUBMARINE_AUTH_DEFAULT_SECRET}},
> where the key is hardcoded as {{SUBMARINE_SECRET_12345678901234567890}}.
> It will pose a significant security risk by allowing attackers to generate
> unauthorized JWT tokens, potentially enabling them to bypass authentication
> mechanisms and access sensitive data and functionalities.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)