Home Any version
affected
Description
Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset
Problem types
CWE-798 Use of Hard-coded Credentials
Product status
References
www.kb.cert.org/vuls/id/458022
github.com/open5gs/open5gs/issues/2264
github.com/open5gs/open5gs/issues/856
github.com/open5gs/open5gs/pull/857