Improper Storage of Sensitive Information in Bearer Token
The latest version of the mintplex-labs/anything-llm project contains a vulnerability where a password is improperly stored within a JWT used as a bearer token. This issue was patched in version 1.0.3.
Available publicly on Oct 02 2024 | Available with Premium on Aug 14 2024
Threat Overview
The vulnerability involves storing sensitive information, specifically a password, in plaintext within a JWT. Because the payload of a signed JWT is encoded rather than encrypted, an attacker who gains access to the JWT can easily decode it and retrieve the password. This can lead to unauthorized access and sensitive information disclosure, compromising the confidentiality and integrity of user data.
Attack Scenario
An attacker intercepts an HTTP request or response containing a JWT using a tool like Burp Suite. The attacker then decodes the JWT to reveal the plaintext password, which can be used to gain unauthorized access to the application.
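The following check is an added example, not code from the advisory or from the anything-llm project. It decodes a token's payload without any key and reports claims that look like secrets, so a test suite can fail when a credential ends up in a bearer token. The claim names, the sample secret and both tokens are constructed, and the opaque session identifier shown as the safer form is a common mitigation, not a description of the project's patch.

```javascript
// Added example: audit a bearer JWT for secrets carried in its payload.
// Claim names, secrets and tokens below are constructed for illustration.
const SENSITIVE_KEY = /^(pass(word|wd)?|pwd|secret|api[_-]?key)$/i;

// base64url-encode a JSON object (used only to build the sample tokens).
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Read the payload the way any holder of the token can: no key is needed.
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS token");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Return the paths of claims whose name looks sensitive, or whose string
// value equals a secret the caller knows (e.g. the test account password).
function findSensitiveClaims(jwt, knownSecrets = []) {
  const findings = [];
  const walk = (value, path) => {
    if (value !== null && typeof value === "object") {
      for (const [key, child] of Object.entries(value)) {
        const here = path ? `${path}.${key}` : key;
        if (SENSITIVE_KEY.test(key)) findings.push(here);
        walk(child, here);
      }
    } else if (typeof value === "string" && knownSecrets.includes(value)) {
      findings.push(path);
    }
  };
  walk(decodePayload(jwt), "");
  return [...new Set(findings)];
}

// Constructed samples. The signature is a placeholder: it protects integrity
// only and plays no part in whether the payload can be read.
const makeToken = (claims) =>
  `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(claims)}.c2lnbmF0dXJl`;
const leakyToken = makeToken({ id: 1, password: "hunter2-constructed", exp: 1700000000 });
const opaqueToken = makeToken({ sid: "b1946ac92492d234", exp: 1700000000 });

console.log("leaky :", findSensitiveClaims(leakyToken));   // flagged claim paths
console.log("opaque:", findSensitiveClaims(opaqueToken));  // nothing flagged
```

Passing the test account's password in `knownSecrets` also catches a secret stored under an innocuous or nested claim name, which the name pattern alone would miss.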
Who is affected
Users of the mintplex-labs/anything-llm project running the latest version before 1.0.3 are affected. This includes any deployment where JWTs are used for authentication in single user mode.