Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool Hard-Coded Secret Key Vulnerability Allowing JWT Session Generation

Vulnerability

A vulnerability exists in Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool, both in version 3.1.2rc11, due to a hard-coded secret key. This flaw could enable an attacker to generate valid JSON Web Token (JWT) sessions. Additionally, these tools have an exposed web management service that may allow authentication bypass, control over the products, or impersonation of the web application service to mislead clients.

Impact

Exploitation of this vulnerability could lead to unauthorized generation of JWT sessions, allowing for authentication bypass and potential control over the affected tools.

Remediation

Users are advised to upgrade to Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.3rc8.
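Why a signing key that ships inside the software undermines JWT sessions, and the general countermeasure of a per-installation key with a startup check, as an added example that is not Optigo's code. The advisory does not describe the token format or what 3.1.3rc8 changes, so HS256, the key value and every function name here are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed placeholder, NOT the product's real key: stands in for any
# signing key that is identical in every shipped copy of the software.
SHIPPED_KEY = b"constructed-example-key-shared-by-all-installs"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_install_key() -> bytes:
    """Per-installation key: generated at first start, never shipped."""
    return secrets.token_bytes(32)

def sign(claims: dict, key: bytes) -> str:
    """Issue an HS256 token over the given claims."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(mac)}"

def verify(token: str, key: bytes, now=None):
    """Return the claims if the token is valid under `key`, else None."""
    try:
        header, body, sig = token.split(".")
        # Pin the algorithm; never let the token header choose it.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header}.{body}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        current = time.time() if now is None else now
        if claims.get("exp", 0) <= current:
            return None  # expired or missing expiry
        return claims
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token

def key_is_weak(key: bytes) -> bool:
    """Startup check: refuse a short key or the known shipped constant."""
    return len(key) < 32 or hmac.compare_digest(key, SHIPPED_KEY)
```

With a shared constant, the signature only proves that the issuer had a copy of the software; with a per-installation key, a token issued on one system fails verification on every other.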

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.