CVE-2023-33371 Information

Description

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens allowing attackers to sign arbitrary session tokens and bypass authentication.

Reference

https://www.controlid.com.br/en/access-control/idsecure/ https://claroty.com/team82/disclosure-dashboard/cve-2023-33371