Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens.
References
Link | Resource |
---|---|
https://boltonshield.com/en/cve/cve-2023-47315/ | Exploit Third Party Advisory |
Configurations
History
30 Nov 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens. |
30 Nov 2023, 05:32
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-798 | |
References | () https://boltonshield.com/en/cve/cve-2023-47315/ - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:h-mdm:headwind_mdm:5.22.1:*:*:*:*:*:*:* | |
First Time |
H-mdm
H-mdm headwind Mdm |
22 Nov 2023, 17:31
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-22 17:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-47315
Mitre link : CVE-2023-47315
CVE.ORG link : CVE-2023-47315
JSON object : View
Products Affected
h-mdm
- headwind_mdm
CWE
CWE-798
Use of Hard-coded Credentials