youth-is-as-pale-as-poetry e-learning JWT Forgery Vulnerability in Version 1.0
Vulnerability
A vulnerability exists in youth-is-as-pale-as-poetry e-learning version 1.0, in the JWT Token Handler component. The issue lies in the encryptSecret function of JwtUtils.java, which generates insufficiently random values. The flaw can be exploited remotely, although the attack complexity is considered high. The vulnerability has been publicly disclosed and results in an authentication bypass: an attacker who knows a username can forge a JWT and log into that account.
Impact
Exploiting this vulnerability allows JWT forgery, which can be used to bypass authentication and gain unauthorized access to user accounts.
Reproduction
To reproduce this vulnerability, log into the application and capture the response packet. Generate a forged JWT using a script that creates a token based on the username and the current month, replace the token in the response packet with the forged one, and send the modified packet back to the server. If successful, this bypasses authentication and grants access to the account associated with the username.
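A mitigation sketch for the weakness described above, as an added example that is not the project's code: the HS256 signing key comes from SecureRandom instead of anything tied to the username or the date, the header is pinned, and the MAC is compared in constant time. The class HardenedJwt, its methods and the sample claims are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class (added example, not the project's JwtUtils.java).
public class HardenedJwt {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    // Pinned header: the verifier never trusts an "alg" value supplied by the client.
    private static final String HEADER =
        B64.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
    private final byte[] key = new byte[32];

    public HardenedJwt() {
        // 256-bit key from the CSPRNG; independent of username, date or any claim.
        new SecureRandom().nextBytes(key);
    }

    private byte[] mac(String signingInput) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        return hmac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    public String sign(String payloadJson) throws Exception {
        String input = HEADER + "." + B64.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + B64.encodeToString(mac(input));
    }

    public boolean verify(String token) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) return false;
        byte[] given;
        try {
            given = Base64.getUrlDecoder().decode(p[2]);
        } catch (IllegalArgumentException e) {
            return false; // malformed signature segment
        }
        // Constant-time comparison of the expected and the presented MAC.
        return MessageDigest.isEqual(mac(p[0] + "." + p[1]), given);
    }

    public static void main(String[] args) throws Exception {
        HardenedJwt issuer = new HardenedJwt();
        String token = issuer.sign("{\"sub\":\"alice\",\"exp\":1767225600}"); // constructed claims
        System.out.println("issuer accepts its own token: " + issuer.verify(token));
        // A second instance holds a different random key, so knowing the claims is not enough.
        System.out.println("other key accepts the token: " + new HardenedJwt().verify(token));
    }
}
```

In a deployment the key would be generated once and loaded from a secret store so that it survives restarts and is shared across instances; generating it per object here keeps the example self-contained.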
