MartialBE One-Hub Hard-Coded Cryptographic Key Vulnerability in Docker-Compose Configuration

Vulnerability

A vulnerability exists in MartialBE One-Hub versions up to 0.14.27, specifically in the default Docker-Compose file shipped with the project. The SESSION_SECRET variable is set to a default value, so every deployment that keeps the file unchanged uses the same hard-coded cryptographic key, which undermines the application's session security. The flaw can be exploited remotely, although the attack is rated as high complexity. The vulnerability has been publicly disclosed and is actively exploitable.

Impact

Exploitation of this vulnerability allows attackers to forge JSON Web Tokens (JWTs) by using the default SESSION_SECRET key. This could grant them unauthorized access to sensitive administrative privileges within the application, such as managing user accounts or accessing confidential data.

Reproduction

The vulnerability can be reproduced by deploying the application using the default Docker-Compose file without modifying the SESSION_SECRET value. Once the application is running, a JWT can be created using the hard-coded SESSION_SECRET. This token can then be used to access sensitive administrative endpoints, demonstrating the vulnerability.

Remediation

Users are advised to manually change the SESSION_SECRET and USER_TOKEN_SECRET values to secure, random strings before deploying the application in a production environment.
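A pre-deployment check for the two variables named above, as an added example and not One-Hub's own code: it rejects a compose file whose SESSION_SECRET or USER_TOKEN_SECRET is empty, short, an unexpanded variable reference, or a placeholder word, and generates replacement values. The "- NAME=value" layout, the 32-character minimum and the placeholder word list are this script's own assumptions, and the sample compose file it writes is constructed, not the project's real one.

```shell
# Added example, not One-Hub's own code. Assumes secrets appear as "- NAME=value"
# entries under the service's environment list; the 32-char minimum and the
# placeholder word list are this script's own choices.
MIN_SECRET_LEN=32
# Print a 48-character URL-safe random secret (36 bytes of /dev/urandom).
generate_secret() {
  head -c 36 /dev/urandom | base64 | tr -d '\n' | tr '+/' '-_'
}
# secret_is_weak VALUE: true (0) if VALUE must not ship, false (1) otherwise.
secret_is_weak() {
  value=$1
  [ -z "$value" ] && return 0                        # unset or empty
  [ "${#value}" -lt "$MIN_SECRET_LEN" ] && return 0  # too short to resist guessing
  case "$value" in
    *'${'*) return 0 ;;                              # unexpanded ${VAR} reference
    *changeme*|*secret*|*password*|*example*) return 0 ;;  # placeholder words
  esac
  distinct=$(printf '%s' "$value" | fold -w1 | sort -u | wc -l | tr -d ' ')
  [ "$distinct" -lt 6 ] && return 0                  # low variety, e.g. "abab..."
  return 1
}
# write_compose FILE SESSION_VALUE USER_TOKEN_VALUE: constructed sample file.
write_compose() {
  cat > "$1" <<EOF
services:
  one-hub:
    environment:
      - SESSION_SECRET=$2
      - USER_TOKEN_SECRET=$3
EOF
}
# check_compose FILE: 0 if both secrets are acceptable, 1 if any is weak.
check_compose() {
  rc=0
  for name in SESSION_SECRET USER_TOKEN_SECRET; do
    value=$(grep -E "^[[:space:]]*-?[[:space:]]*${name}=" "$1" | head -n 1 \
      | sed -E "s/^[[:space:]]*-?[[:space:]]*${name}=//; s/[\"']//g")
    if secret_is_weak "$value"; then
      echo "WEAK: $name=${value:-<empty>} in $1" >&2
      rc=1
    fi
  done
  return $rc
}
# Demo: placeholder values are rejected; freshly generated ones pass.
tmp=$(mktemp); write_compose "$tmp" changeme ""
check_compose "$tmp" || echo "fix the secrets before deploying"
write_compose "$tmp" "$(generate_secret)" "$(generate_secret)"
check_compose "$tmp" && echo "secrets look fine"; rm -f "$tmp"
```

Run it against the compose file before `docker compose up`, or wire `check_compose` into the deployment pipeline so a file left at its defaults never reaches production.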

Added: Dec 14, 2025, 9:18 AM
Updated: Dec 14, 2025, 9:18 AM

Vulnerability Rating

Custom Algorithm

category        score
spread          0.0
impact          5.0
exploitability  8.7
remediation     0.0
relevance       1.4
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.