Done-0 Jank Hard-Coded JWT Secret Vulnerability in Token Handler

Vulnerability

A vulnerability exists in Done-0 Jank versions up to 322caebbad10568460364b9667aa62c3080bfc17, specifically within the JWT Token Handler component. The issue arises from hard-coded secret keys for access and refresh tokens in the file internal/utils/jwt_utils.go. This vulnerability allows remote attackers to forge valid JWT tokens, bypass authentication, and potentially manipulate content by creating posts or comments. The exploitation of this vulnerability is considered difficult due to the high complexity of the attack.

Impact

Exploitation of this vulnerability allows for authentication bypass by forging valid JWT tokens, which can be used to create posts or comments on behalf of the authenticated user.

Added: Jul 6, 2025, 2:19 PM

Updated: Jul 6, 2025, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Done-0 Jank Hard-Coded JWT Secret Vulnerability in Token Handler

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating