CVE-2023-26089

Published: May 2, 2023Modified: Jan 30, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5.

Affected (1)

Products: Echa.europa: Iuclid

Echa.europa

1 product

Iuclid

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Echa.europa Iuclid	From 5.15.0 to 6.27.6

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (6)

https://iuclid6.echa.europa.eu

Source: cve@mitre.org

Product

https://iuclid6.echa.europa.eu/documents/1387205/1809530/note_v6.27.6.pdf/76545a65-e6be-6486-280a-7d7c3d2ad455?t=1677577170669

Source: cve@mitre.org

MitigationVendor Advisory

https://iuclid6.echa.europa.eu/download

Source: cve@mitre.org

Product

https://iuclid6.echa.europa.eu

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://iuclid6.echa.europa.eu/documents/1387205/1809530/note_v6.27.6.pdf/76545a65-e6be-6486-280a-7d7c3d2ad455?t=1677577170669

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://iuclid6.echa.europa.eu/download

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.