CVE Details
Basic Information
| Title | saltbo zpan JSON Web Token token.go NewToken hard-coded password |
|---|---|
| Type | cve |
| Published | 2025-07-11T18:32:05.187Z |
| Modified | 2025-07-11T18:32:05.187Z |
Product Information
| Vendor | saltbo |
|---|---|
| Product | zpan |
| Version | 1.6.0 |
CVSS Information
| Base Score | 6.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A hard-coded password vulnerability in the JSON Web Token Handler of saltbo zpan allows remote attackers to exploit the system, though successful exploitation is considered difficult due to high attack complexity. |
|---|---|
| AI Severity | Medium |
| AI Vendor | saltbo |
| AI Product | zpan |
| AI Version | 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.7.0-beta1, 1.7.0-beta2 |
Affected Products
- saltbo zpan 1.6.0
- saltbo zpan 1.6.1
- saltbo zpan 1.6.2
- saltbo zpan 1.6.3
- saltbo zpan 1.6.4
- saltbo zpan 1.6.5
- saltbo zpan 1.7.0-beta1
- saltbo zpan 1.7.0-beta2
Additional Information
| CWE List | CWE-259, CWE-255 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.