Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP addresses.
Weakness
The product uses a hard-coded, unchangeable cryptographic key.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Databasir | Databasir_project | 1.0.1 (including) | 1.0.1 (including) |
Potential Mitigations
References
- https://github.com/vran-dev/databasir/blob/master/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
- https://github.com/vran-dev/databasir/security/advisories/GHSA-9prp-5jc9-jpgg
- https://user-images.githubusercontent.com/75008428/163742517-ecc1c787-1ef6-4df9-bdf2-407b2b31e111.png
- https://user-images.githubusercontent.com/75008428/163742566-a69c91e8-db20-4058-8967-1cfe86facc6d.png
- https://user-images.githubusercontent.com/75008428/163742596-5c13153a-be8f-4ce3-9681-bc68b5f7e9c5.png
- https://github.com/vran-dev/databasir/blob/master/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
- https://github.com/vran-dev/databasir/security/advisories/GHSA-9prp-5jc9-jpgg
- https://user-images.githubusercontent.com/75008428/163742517-ecc1c787-1ef6-4df9-bdf2-407b2b31e111.png
- https://user-images.githubusercontent.com/75008428/163742566-a69c91e8-db20-4058-8967-1cfe86facc6d.png
- https://user-images.githubusercontent.com/75008428/163742596-5c13153a-be8f-4ce3-9681-bc68b5f7e9c5.png
