MICROSENS NMP Web+ Authentication Bypass Vulnerability via Forged JSON Web Tokens
Vulnerability
An authentication bypass vulnerability has been identified in MICROSENS NMP Web+ versions through 3.2.5. This vulnerability allows an unauthenticated attacker to generate forged JSON Web Tokens (JWT), bypassing authentication mechanisms. The issue arises from the use of hard-coded security-relevant constants, leading to insufficient session expiration, as the JWTs do not expire, potentially allowing unauthorized access to the system.
Impact
Exploitation of this vulnerability could lead to unauthorized access by allowing attackers to bypass authentication and gain system access.
Remediation
Users are advised to update to MICROSENS NMP Web+ Version 3.3.0 for Windows or Linux. Instructions for downloading this version are available on the MICROSENS website.
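The two weaknesses described above (a signing constant fixed in the code and tokens that never expire) can be checked for on the verifier side. The following is an added example, not MICROSENS code and not taken from the advisory; the function names, the HS256 choice, the 15-minute lifetime and the per-installation key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(key: bytes, sub: str, ttl: int = 900, now=None) -> str:
    """Issue an HS256 token that always carries iat and exp."""
    now = int(time.time() if now is None else now)
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify(key: bytes, token: str, now=None, max_ttl: int = 3600) -> dict:
    """Return the claims, or raise ValueError naming the reason for rejection."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        given = b64d(sig)
    except (ValueError, TypeError) as err:
        raise ValueError("malformed token") from err
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, int) or not isinstance(iat, int):
        raise ValueError("missing exp/iat")  # a token with no expiry is refused
    if now >= exp:
        raise ValueError("expired")
    if exp - iat > max_ttl:
        raise ValueError("lifetime too long")  # caps how long any token can live
    return claims

# Constructed sample (assumption): the key is generated per installation and
# stored outside the code base, so no constant is shared by every deployment.
INSTALL_KEY = secrets.token_bytes(32)
```

A verifier written this way rejects a validly signed token that lacks an expiry, so rotating the key is not the only way to end a session.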
