CVE-2024-33625

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
Configurations

No configuration.

History

21 Nov 2024, 09:17

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01 -
References () https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads - () https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads -

16 May 2024, 13:03

Type Values Removed Values Added
Summary
  • (es) El código de la aplicación empresarial CyberPower PowerPanel contiene una clave de firma JWT codificada. Esto podría resultar en que un atacante falsifique tokens JWT para eludir la autenticación.

15 May 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-15 20:15

Updated : 2024-11-21 09:17


NVD link : CVE-2024-33625

Mitre link : CVE-2024-33625

CVE.ORG link : CVE-2024-33625


JSON object : View

Products Affected

No product.

CWE
CWE-259

Use of Hard-coded Password