📦 CryptoSpike

by ProLion

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-36649

CRITICAL CVSS 9.1 Dec 12, 2023

CVE-2023-36649 allows attackers to obtain JWT tokens from Grafana logs or Loki REST API in ProLion CryptoSpike 3.0.15P2. With these tokens, attackers can impersonate legitimate users in web management...

CVE-2023-36655

CRITICAL CVSS 9.8 Dec 6, 2023

This vulnerability allows remote blocked users to bypass authentication in ProLion CryptoSpike when using LDAP/Active Directory. Attackers can obtain valid authentication tokens by manipulating userna...

CVE-2023-36647

HIGH CVSS 7.5 Dec 12, 2023

CVE-2023-36647 is a critical authentication bypass vulnerability in ProLion CryptoSpike where a hard-coded private key allows attackers to forge JWT tokens. This enables complete impersonation of any ...

CVE-2023-36651

HIGH CVSS 7.2 Dec 12, 2023

CVE-2023-36651 is a critical authentication bypass vulnerability in ProLion CryptoSpike 3.0.15P2 where hard-coded super-admin credentials allow remote attackers to gain full administrative access to t...