CVE-2020-1764

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Hard coded cryptographic key in Kiali in github.com/kiali/kiali

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Se detectó una vulnerabilidad de clave criptográfica embebida en el archivo de configuración predeterminado en Kiali, todas las versiones anteriores a 1.15.1. Un atacante remoto podría abusar de este fallo mediante la creación de sus propios tokens firmados JWT y omisión de los mecanismos de autenticación de Kiali, posiblemente obteniendo privilegios para visualizar y alterar la configuración de Istio.