CVE-2023-47315

Published: Nov 22, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens.

Affected (1)

Products: H Mdm: Headwind Mdm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
H Mdm Headwind Mdm	Version 5.22.1

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://boltonshield.com/en/cve/cve-2023-47315/

Source: cve@mitre.org

ExploitThird Party Advisory

https://boltonshield.com/en/cve/cve-2023-47315/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.