CVE-2023-31579

9.8 CRITICAL

📋 TL;DR

CVE-2023-31579 is a critical authentication bypass vulnerability in Dromara Lamp-Cloud where hardcoded JWT signing keys allow attackers to forge valid authentication tokens. This affects all users of Lamp-Cloud versions before 3.8.1, enabling unauthorized access to the application.

💻 Affected Systems

Products:
  • Dromara Lamp-Cloud
Versions: All versions before 3.8.1
Operating Systems: All platforms running Lamp-Cloud
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using the default JWT configuration are vulnerable. Custom deployments may also be affected if they did not change the hardcoded keys.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise where attackers gain administrative privileges, access sensitive data, and potentially pivot to other systems.

🟠 Likely Case: Unauthorized access to application functionality and data, potentially leading to data theft or privilege escalation.

🟢 If Mitigated: Limited impact with proper network segmentation and additional authentication layers, but still a serious vulnerability.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly exploitable by attackers without authentication.
🏢 Internal Only: HIGH - Internal instances are vulnerable to insider threats or attackers who breach perimeter defenses.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hardcoded key and the ability to craft JWT tokens. Public GitHub issues demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.8.1 and later

Vendor Advisory: https://github.com/dromara/lamp-cloud/issues/183

Restart Required: Yes

Instructions:

1. Update Lamp-Cloud to version 3.8.1 or later.
2. Restart the application.
3. Regenerate all JWT tokens.
4. Revoke existing tokens if possible.

🔧 Temporary Workarounds

Custom JWT Key Configuration

Applies to: all

Manually configure unique JWT signing keys instead of using the hardcoded defaults.

Modify the JWT configuration in application.yml to set custom signing keys.

🧯 If You Can't Patch

  • Implement network-level controls to restrict access to vulnerable instances
  • Add additional authentication layers (MFA, IP whitelisting) to compensate for JWT weakness

🔍 How to Verify

Check if Vulnerable:

Check whether the Lamp-Cloud version is below 3.8.1 and review the JWT configuration for hardcoded keys.

Check Version:

Check the application version in the admin interface or review pom.xml for the version number.

Verify Fix Applied:

Verify that the version is 3.8.1 or later and test that JWT tokens signed with the old hardcoded keys are rejected.
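The two checks above ("review the JWT configuration for hardcoded keys" and "test that tokens signed with the old keys are rejected") can be scripted as a post-upgrade acceptance test. The following is an added example written for this page, not Lamp-Cloud's own code. It assumes the application's access tokens are HS256 JWTs and that the operator has already set a fresh key in application.yml; `LEGACY_DEFAULT_KEY` is a constructed placeholder standing in for the retired hardcoded value, not the real key from the advisory.

```python
"""Post-patch acceptance check for a JWT signing-key rotation (added example).

Assumes HS256 access tokens. LEGACY_DEFAULT_KEY is a constructed placeholder,
not the project's real hardcoded key; CURRENT_KEY stands in for the value an
operator generated and placed in application.yml after upgrading.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import List, Optional, Set

# Constructed placeholder for the retired default key (not the real value).
LEGACY_DEFAULT_KEY = b"PLACEHOLDER-legacy-default-key"
# Stand-in for the freshly generated key now configured in application.yml.
CURRENT_KEY = secrets.token_bytes(32)

MIN_HS256_KEY_BYTES = 32  # RFC 7518 section 3.2: HS256 keys must be at least 256 bits


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact-serialised HS256 JWT; used here only to produce test inputs."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the signature is valid for `key`, otherwise None.

    Only HS256 is honoured (so an "alg": "none" header is rejected) and the
    signature comparison is constant-time.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        supplied_sig = _b64url_decode(sig_b64)
    except ValueError:  # covers malformed base64, bad JSON and wrong segment count
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, supplied_sig):
        return None
    return json.loads(_b64url_decode(payload_b64))


def audit_signing_key(key: bytes, retired_keys: Set[bytes]) -> List[str]:
    """Flag a configured key that is still a retired default or is too short for HS256."""
    findings = []
    if key in retired_keys:
        findings.append("key matches a retired default value")
    if len(key) < MIN_HS256_KEY_BYTES:
        findings.append(f"key is {len(key)} bytes, below the {MIN_HS256_KEY_BYTES}-byte HS256 minimum")
    return findings


def fix_applied(current_key: bytes, retired_key: bytes) -> bool:
    """True only if a token under the retired key is rejected, a current token is
    accepted, and the configured key passes the audit."""
    stale = sign_hs256({"sub": "rotation-probe"}, retired_key)
    fresh = sign_hs256({"sub": "rotation-probe"}, current_key)
    legacy_rejected = verify_hs256(stale, current_key) is None
    fresh_accepted = verify_hs256(fresh, current_key) is not None
    return legacy_rejected and fresh_accepted and not audit_signing_key(current_key, {retired_key})


if __name__ == "__main__":
    print("fix applied:", fix_applied(CURRENT_KEY, LEGACY_DEFAULT_KEY))
    print("unrotated config findings:", audit_signing_key(LEGACY_DEFAULT_KEY, {LEGACY_DEFAULT_KEY}))
```

Run this against the key actually configured after the upgrade; a deployment that still carries the default key fails both the rejection check and the audit, which is the condition the "Check if Vulnerable" step above describes.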

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful login with unusual tokens
  • JWT validation errors for tokens with unexpected signatures

Network Indicators:

  • Unusual authentication patterns
  • Requests with manually crafted JWT headers

SIEM Query:

source="lamp-cloud" AND (event="authentication_success" AND token_signature="hardcoded_key")

🔗 References