CVE-2024-11619

5.0 MEDIUM

📋 TL;DR

This vulnerability in macrozheng mall's JWT Token Handler allows attackers to forge authentication tokens by exploiting the use of a default cryptographic key. Systems running affected versions could have their authentication bypassed. The vulnerability affects all deployments using the default configuration.

💻 Affected Systems

Products:
  • macrozheng mall
Versions: up to 1.0.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using the default JWT configuration without custom cryptographic keys.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete authentication bypass allowing unauthorized access to user accounts, administrative functions, and sensitive data.

🟠 Likely Case

Authentication bypass for some users or functions, potentially leading to unauthorized data access or privilege escalation.

🟢 If Mitigated

Minimal impact if custom cryptographic keys are properly configured and strong authentication controls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires understanding of JWT token structure and cryptographic weaknesses, but no public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch is available. The vendor did not respond to disclosure and deleted the GitHub issue. Consider upgrading to any newer version if one becomes available, or implement the workarounds below.

🔧 Temporary Workarounds

Configure Custom JWT Secret Key

Applies to: all

Replace the default cryptographic key with a strong, unique secret key for JWT token signing and verification.

Edit the application configuration to set the jwt.secret property to a strong random value (minimum 256 bits).

Implement JWT Key Rotation

Applies to: all

Regularly rotate JWT signing keys and implement proper key management.

Implement a key rotation schedule and update the jwt.secret property periodically.

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems from critical assets
  • Deploy Web Application Firewall (WAF) with JWT validation rules

🔍 How to Verify

Check if Vulnerable:

Check whether the application uses the default JWT configuration by examining configuration files for the jwt.secret property, or by checking whether tokens issued by the deployment validate against common default keys.

Check Version:

Check the application version in pom.xml or application.properties for a version <= 1.0.3.

Verify Fix Applied:

Verify that JWT tokens cannot be forged using default keys and that a custom secret key is properly configured.
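The "Check if Vulnerable" and "Verify Fix Applied" steps above can be scripted. The following is an added example written for this page, not code from the macrozheng mall project; it assumes the application signs tokens with HS256 (the advisory does not state the algorithm), and the candidate-secret list holds constructed placeholders rather than the project's real default key, which is deliberately not reproduced here. Run it against a token your own deployment issued and against the jwt.secret value you configured.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed placeholder list: the project's real default key is deliberately not reproduced here.
CANDIDATE_DEFAULT_SECRETS = ["CHANGE-ME-default-secret", "secret"]

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(payload: dict, secret: str) -> str:
    """Mint an HS256 token; used only to build constructed sample tokens for the checks below."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verifies_with(token: str, secret: str) -> bool:
    """True if the token's HS256 signature validates under `secret` (constant-time compare)."""
    try:
        header, body, sig = token.split(".")
        hdr = json.loads(_b64url_decode(header))
        alg = hdr.get("alg") if isinstance(hdr, dict) else None
        expected = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
        return alg == "HS256" and hmac.compare_digest(expected, _b64url_decode(sig))
    except ValueError:  # wrong segment count, bad base64, or invalid JSON header
        return False

def signed_with_default_key(token: str, candidates=CANDIDATE_DEFAULT_SECRETS):
    """Return the candidate default secret a token from your deployment validates under, else None."""
    return next((c for c in candidates if verifies_with(token, c)), None)

def secret_is_strong(secret: str, min_bits: int = 256) -> bool:
    """Floor check for jwt.secret: at least 256 bits of material and not a known placeholder value."""
    return len(secret.encode()) * 8 >= min_bits and secret not in CANDIDATE_DEFAULT_SECRETS

def generate_secret(bits: int = 256) -> str:
    """Random replacement value for jwt.secret, drawn from the OS CSPRNG."""
    return secrets.token_urlsafe(bits // 8)
```

A deployment is still vulnerable if signed_with_default_key returns a value for a freshly issued token; after the fix it should return None and secret_is_strong should hold for the configured value.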

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful login with unusual patterns
  • JWT token validation errors or warnings

Network Indicators:

  • Unusual authentication traffic patterns
  • Requests with manipulated JWT tokens

SIEM Query:

Authentication logs where JWT tokens show signs of tampering or use of default key signatures
