PerfreeBlog Hard-Coded Cryptographic Key Vulnerability in JWT Handler

Vulnerability

A vulnerability exists in PerfreeBlog version 4.0.11 within the JWT Handler component, specifically in the JwtUtil function. This vulnerability involves the use of a hard-coded cryptographic key, which could potentially be exploited remotely. However, the complexity of the attack is considered high, making exploitation difficult.

Impact

Because the JWT Handler relies on a hard-coded cryptographic key, the vulnerability could lead to unauthorized access or manipulation of data that relies on this key for encryption or authentication.
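The weakness class described above, next to a hardened key-loading pattern, as an added example in plain Java. It is not PerfreeBlog's code: the class name, the constant, its value and the `JWT_SIGNING_KEY` variable name are assumptions, and a random key generated in `main` stands in for a provisioned secret.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class JwtKeyDemo {
    // Anti-pattern (constructed value): a key compiled into the artifact is identical
    // in every deployment and readable by anyone who has the source or the jar.
    static final String HARD_CODED_KEY = "constructed-example-key";

    // Hardened: per-deployment key supplied at runtime, e.g. System.getenv("JWT_SIGNING_KEY")
    // (hypothetical variable name), Base64-encoded, at least 256 bits for HS256.
    static byte[] loadKey(String b64) {
        if (b64 == null || b64.isBlank())
            throw new IllegalStateException("JWT signing key not configured");
        byte[] key = Base64.getDecoder().decode(b64);
        if (key.length < 32)
            throw new IllegalStateException("JWT signing key shorter than 256 bits");
        return key;
    }

    static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Verify the HS256 signature of a compact JWT with a constant-time comparison.
    static boolean verify(byte[] key, String token) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        try {
            return MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2]));
        } catch (IllegalArgumentException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw); // stands in for a secret provisioned per deployment
        byte[] key = loadKey(Base64.getEncoder().encodeToString(raw));
        Base64.Encoder url = Base64.getUrlEncoder().withoutPadding();
        String input = url.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8))
                + "." + url.encodeToString("{\"sub\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        String token = input + "." + url.encodeToString(hmac(key, input));
        System.out.println("deployment key verifies: " + verify(key, token));
        System.out.println("shipped constant verifies: " + verify(HARD_CODED_KEY.getBytes(StandardCharsets.UTF_8), token));
    }
}
```

Failing closed in `loadKey` means an instance without a configured secret refuses to start rather than falling back to a shared default.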

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 8.9
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.