Hard-coded JWT Key Vulnerability
laiyousin opened this issue · 0 comments
laiyousin commented
A hard-coded JWT (JSON Web Token) key vulnerability has been discovered, specifically within org.apache.submarine.commons.utils.SubmarineConfVars.ConfVars#SUBMARINE_AUTH_DEFAULT_SECRET, where the key is hardcoded as SUBMARINE_SECRET_12345678901234567890. It will pose a significant security risk by allowing attackers to generate unauthorized JWT tokens, potentially enabling them to bypass authentication mechanisms and access sensitive data and functionalities.
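A startup guard for the problem reported above, as an added example that is not Apache Submarine's own code: it refuses the published default, enforces a minimum key length, and generates a random key when nothing is configured. It assumes HS256 signing; the class name `JwtSecretGuard` and the `JWT_SIGNING_SECRET` environment variable are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtSecretGuard { // hypothetical class name
    // Value quoted in the issue: it is public, so it must never sign tokens.
    static final byte[] PUBLISHED_DEFAULT = utf8("SUBMARINE_SECRET_12345678901234567890");
    static final int MIN_BYTES = 32; // RFC 7518 s3.2: HS256 keys need >= 256 bits

    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    // Accept an operator-supplied secret only if it is unique and long enough.
    // With nothing configured, use a random per-process key (tokens then do not
    // survive a restart or span replicas) rather than a shared default.
    static byte[] resolveSecret(String configured) {
        if (configured == null || configured.isEmpty()) {
            byte[] random = new byte[MIN_BYTES];
            new SecureRandom().nextBytes(random);
            return random;
        }
        byte[] key = utf8(configured);
        if (MessageDigest.isEqual(key, PUBLISHED_DEFAULT))
            throw new IllegalStateException("JWT secret is the published default");
        if (key.length < MIN_BYTES)
            throw new IllegalStateException("JWT secret is shorter than " + MIN_BYTES + " bytes");
        return key;
    }

    // HS256 signature over "header.payload" (HS256 is an assumption of this example).
    static byte[] hs256(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(utf8(signingInput));
    }

    public static void main(String[] args) throws Exception {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        // Constructed sample token body, not taken from the project.
        String input = b64.encodeToString(utf8("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"))
                + "." + b64.encodeToString(utf8("{\"sub\":\"example-user\"}"));
        // JWT_SIGNING_SECRET is a hypothetical variable name.
        byte[] key = resolveSecret(System.getenv("JWT_SIGNING_SECRET"));
        boolean accepted = MessageDigest.isEqual(hs256(key, input), hs256(PUBLISHED_DEFAULT, input));
        System.out.println("signature made with the published default accepted: " + accepted);
    }
}
```

The published default is 37 bytes long, so a length check alone would let it through; the explicit comparison against the known value is what rejects it.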