This repository was archived by the owner on Jul 10, 2024. It is now read-only.
This repository was archived by the owner on Jul 10, 2024. It is now read-only.
Hard-coded JWT Key Vulnerability #1120
Description
A hard-coded JWT (JSON Web Token) key vulnerability has been discovered, specifically within org.apache.submarine.commons.utils.SubmarineConfVars.ConfVars#SUBMARINE_AUTH_DEFAULT_SECRET, where the key is hardcoded as SUBMARINE_SECRET_12345678901234567890. It will pose a significant security risk by allowing attackers to generate unauthorized JWT tokens, potentially enabling them to bypass authentication mechanisms and access sensitive data and functionalities.
