Bambuddy Hardcoded JWT Secret Key Vulnerability and Authentication Bypass
Vulnerability
A vulnerability in Bambuddy, a print archive and management system for Bambu Lab 3D printers, prior to version 0.1.7, involves a hardcoded secret key for signing JSON Web Tokens (JWTs) embedded in the source code. This key allows for the forgery of JWTs, enabling unauthorized access and administrative privileges. Additionally, many API routes do not require authentication, further exacerbating the issue.
Impact
Exploitation of this vulnerability allows for unauthorized access, authentication bypass, and administrative control over the Bambuddy application.
Reproduction
To reproduce this vulnerability, deploy an instance of Bambuddy version prior to 0.1.7. After creating an admin user, forge a JWT using the hardcoded secret key and use it to access authenticated endpoints. This can be done by sending a request with the forged JWT in the Authorization header. Alternatively, many API endpoints can be accessed without any authentication, as they do not require Authorization headers.
Remediation
Users are advised to update to Bambuddy version 0.1.7 or later, where this vulnerability has been patched.
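The following is an added example, not Bambuddy's own code, showing the root cause and the fix in isolation: a JWT minted under a shipped, hardcoded HS256 key verifies on every deployment, while a per-deployment key loaded from the environment (refusing the default) stops that token from validating. The secret value, the JWT_SECRET variable name and the claim names are constructed placeholders.

```python
import base64, hashlib, hmac, json, secrets
from typing import Optional

# Constructed placeholder standing in for the hardcoded key the advisory
# describes; it is NOT the real value from the project.
HARDCODED_SECRET = "PLACEHOLDER_HARDCODED_SECRET"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(claims: dict, secret: str) -> str:
    """Mint an HS256 JWT (server-side issuance; used here to exercise verify)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_hs256(token: str, secret: str) -> Optional[dict]:
    """Return the claims if the signature is valid under `secret`, else None.
    The algorithm is pinned to HS256, so a header with a different 'alg' is rejected."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        return json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed base64/JSON or wrong number of segments
        return None

def secret_is_acceptable(secret: Optional[str]) -> bool:
    """A key is acceptable only if it is set, is not the shipped default, and is long enough."""
    return bool(secret) and secret != HARDCODED_SECRET and len(secret) >= 32

def load_secret(env: dict) -> str:
    """Hardened loading: fail closed at startup instead of silently using a known key."""
    secret = env.get("JWT_SECRET")
    if not secret_is_acceptable(secret):
        raise RuntimeError("JWT_SECRET must be set to a unique value of at least 32 characters")
    return secret

def new_secret() -> str:
    """Generate a per-deployment key, e.g. once at install time, and store it outside the source tree."""
    return secrets.token_urlsafe(48)
```

Rotating the key as shown invalidates every token minted under the old one, so existing sessions must log in again after the upgrade; routes that skip the auth check entirely are unaffected by the key and need their own fix.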