A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
References
Link | Resource |
---|---|
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647 | Exploit Third Party Advisory |
Configurations
History
14 Dec 2023, 00:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 7.5 |
First Time | Prolion; Prolion cryptospike | |
CWE | CWE-798 | |
References | () https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647 - Exploit, Third Party Advisory |
12 Dec 2023, 13:43
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
12 Dec 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-12 01:15
Updated : 2023-12-14 00:03
NVD link : CVE-2023-36647
Mitre link : CVE-2023-36647
CVE.ORG link : CVE-2023-36647
Products Affected
prolion
- cryptospike
CWE
CWE-798
Use of Hard-coded Credentials