漏洞描述
MCPHub Dashboard 在身份认证过程中使用了硬编码的 JWT(JSON Web Token)密钥,导致攻击者可以通过获取或猜测该密钥,伪造任意用户的JWT 令牌,从而绕过身份认证机制,直接访问后台管理功能或获取敏感数据。该漏洞无需用户凭据即可利用,属于严重的身份认证绕过漏洞。
MCPHub Dashboard JWT硬编码身份认证绕过漏洞
PoC代码
暂无相关漏洞推荐
- POC unauth-munin: Munin Monitoring Dashboard - Exposure
- POC unauth-akhq-dashboard: AKHQ Dashboard - Unauthenticated Access
- POC unauth-hawkeye-dashboard: Unauth Hawkeye Dashboard - Detect
- POC unauth-phoenix-dashboard: Unauth Phoenix Dashboard - Detect
- POC unauth-supervisor-dashboard: Unauth Supervisor Dashboard - Detect
- (CVE-2025-11461)Frappe CRM 1.53.1 Dashboard Controller SQL注入漏洞
- OpenSearch Dashboard为存在默认口令
- OpenSearch Dashboard存在未授权访问
- POC CVE-2018-18264: Kubernetes Dashboard <1.10.1 - Authentication Bypass
- POC CVE-2021-22053: Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
- POC CVE-2021-3223: Node RED Dashboard <2.26.2 - Local File Inclusion
- POC CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
- POC CVE-2022-38817: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control