A hard-coded JWT (JSON Web Token) key vulnerability has been discovered in org.apache.submarine.commons.utils.SubmarineConfVars.ConfVars#SUBMARINE_AUTH_DEFAULT_SECRET, where the key is hard-coded as SUBMARINE_SECRET_12345678901234567890. This poses a significant security risk: attackers can generate unauthorized JWTs, potentially enabling them to bypass authentication mechanisms and access sensitive data and functionality.
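One way to close this class of defect is to resolve the signing secret at startup and refuse the published default. The following is an added example, not Apache Submarine's code: the class name, the method name and the JWT_SIGNING_SECRET environment variable are hypothetical, and HMAC-signed tokens (HS256) are assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

/** Added example; all names here are hypothetical and not taken from Apache Submarine. */
public final class JwtSecretLoader {
  // The hard-coded default named on this page. It is 37 bytes long, so a length
  // check alone would accept it; it has to be rejected by value.
  private static final byte[] KNOWN_DEFAULT =
      "SUBMARINE_SECRET_12345678901234567890".getBytes(StandardCharsets.UTF_8);
  // RFC 7518 section 3.2: an HS256 key must be at least 256 bits long.
  private static final int MIN_KEY_BYTES = 32;

  private JwtSecretLoader() {}

  /** Validates an operator-supplied secret, or returns a fresh random key if none is set. */
  public static byte[] resolve(String configured) {
    if (configured == null || configured.isEmpty()) {
      // Nothing configured: use a per-process random key instead of a shared constant.
      // Tokens stop validating after a restart or on another replica, which fails safe.
      byte[] random = new byte[MIN_KEY_BYTES];
      new SecureRandom().nextBytes(random);
      return random;
    }
    byte[] key = configured.getBytes(StandardCharsets.UTF_8);
    if (MessageDigest.isEqual(key, KNOWN_DEFAULT)) {
      throw new IllegalStateException("JWT secret is the published default; set a unique value");
    }
    if (key.length < MIN_KEY_BYTES) {
      throw new IllegalStateException("JWT secret must be at least " + MIN_KEY_BYTES + " bytes");
    }
    return key;
  }

  public static void main(String[] args) {
    // JWT_SIGNING_SECRET is a hypothetical variable name chosen for this example.
    byte[] key = resolve(System.getenv("JWT_SIGNING_SECRET"));
    System.out.println("signing key ready, " + key.length + " bytes");
    // Constructed check: the default from this page must be refused.
    try {
      resolve("SUBMARINE_SECRET_12345678901234567890");
      throw new AssertionError("default secret was accepted");
    } catch (IllegalStateException expected) {
      System.out.println("default secret rejected: " + expected.getMessage());
    }
  }
}
```

Deployments that need tokens to survive restarts or to validate across replicas must supply their own secret, since the random fallback is unique to each process.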