A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote malicious users to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prolion cryptospike 3.0.15 |