CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.
References
Link Resource
https://balwurk.github.io/CVE-2023-27172/ Exploit Third Party Advisory
https://balwurk.github.io/CVE-2023-27172/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:xpand-it:write-back_manager:2.3.1:*:*:*:*:*:*:*

History

21 Nov 2024, 07:52

Type Values Removed Values Added
References () https://balwurk.github.io/CVE-2023-27172/ - Exploit, Third Party Advisory () https://balwurk.github.io/CVE-2023-27172/ - Exploit, Third Party Advisory

02 Jan 2024, 15:00

Type Values Removed Values Added
References () https://balwurk.github.io/CVE-2023-27172/ - () https://balwurk.github.io/CVE-2023-27172/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:xpand-it:write-back_manager:2.3.1:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CWE CWE-307

20 Dec 2023, 13:50

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-20 01:15

Updated : 2024-11-21 07:52


NVD link : CVE-2023-27172

Mitre link : CVE-2023-27172

CVE.ORG link : CVE-2023-27172


JSON object : View

Products Affected

xpand-it

  • write-back_manager
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts