Primary

Context

Litmus JWT Authentication Entropy Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability in the Litmus platform's JWT authentication mechanism allows low-privileged users to crack JWT tokens and gain admin rights. This issue arises because the secret used to sign the JWT is only 6 bytes long, making it容易破解. The vulnerability affects Litmus versions prior to 3.23.0.

Impact

Exploitation of this vulnerability allows low-privileged users to elevate their privileges to admin rights on the Litmus platform.

Remediation

Users can update to Litmus version 3.23.0 or later, where this vulnerability has been addressed.

Added: Dec 8, 2025, 7:39 PM

Updated: Dec 8, 2025, 7:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Litmus JWT Authentication Entropy Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating