Posted to reviews@iotdb.apache.org by GitBox <gi...@apache.org> on 2022/12/04 07:42:58 UTC

[GitHub] [iotdb-web-workbench] ljn55966005 opened a new pull request, #34: save+Token forgery

ljn55966005 opened a new pull request, #34:
URL: https://github.com/apache/iotdb-web-workbench/pull/34

   Fixes the problem of this vulnerability being exploited to forge a JWT token for the root account in order to access the system.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [iotdb-web-workbench] qiaojialin merged pull request #34: Safe Token

Posted by GitBox <gi...@apache.org>.
qiaojialin merged PR #34:
URL: https://github.com/apache/iotdb-web-workbench/pull/34




[GitHub] [iotdb-web-workbench] SxLiuYu commented on pull request #34: Safe Token

Posted by "SxLiuYu (via GitHub)" <gi...@apache.org>.
SxLiuYu commented on PR #34:
URL: https://github.com/apache/iotdb-web-workbench/pull/34#issuecomment-1410315935

   The 0.13.3 version is not completely repaired for CVE-2023-24829, and the effect is even not as good as before the repair. Before exploiting this vulnerability, you need to collide with the host. Now the fixed secret is more dangerous, because many users use it directly and basically do not modify the secret.

