BUG_Author: Kelsey Tian
Affected Version: DoraCMS - 2.1.8
Vendor: doramart https://github.com/doramart
Software: https://github.com/doramart/DoraCMS
Vulnerability File: doramart/DoraCMS#262
- backstage/adminGroup/src/utils/crypto.js, line 12.
Vulnerability Type: CWE-321 Use of Hard-coded Cryptographic Key
Attack Type: Remote
Impact: Information Disclosure
Severity: High
Description: DoraCMS 2.1.8 uses a hard-coded cryptographic key (CWE-321).
- A fixed key weakens the encryption because an attacker can guess or predict it. Use randomly generated keys instead, and store and transmit them securely.
References: doramart/DoraCMS#262 https://github.com/doramart/DoraCMS
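
The remediation recommended in the description, as an added example that is not DoraCMS code: a key committed with the source beside a randomly generated per-deployment key loaded from the environment. The key value, the `APP_ENC_KEY` variable name, the helper names and the choice of AES-256-GCM on Node.js are assumptions made for illustration.

```javascript
// Added example (not DoraCMS code): fixed key vs. per-deployment random key.
const crypto = require("node:crypto");

// Anti-pattern (CWE-321): key committed with the source. Constructed value, 32 bytes.
const HARDCODED_KEY = Buffer.from("constructed-demo-key-in-source!!", "utf8");

// Generate a fresh 256-bit key once per deployment; keep it out of the repository.
function generateKey() {
  return crypto.randomBytes(32).toString("base64");
}

// Load the key from the environment (APP_ENC_KEY is a hypothetical name).
// Fail closed: there is no fallback to a built-in default key.
function loadKey(env = process.env) {
  const raw = env.APP_ENC_KEY;
  if (!raw) throw new Error("APP_ENC_KEY is not set");
  const key = Buffer.from(raw, "base64");
  if (key.length !== 32) throw new Error("APP_ENC_KEY must decode to 32 bytes");
  return key;
}

// AES-256-GCM with a random 96-bit IV per message.
// Token layout: iv (12 bytes) || auth tag (16 bytes) || ciphertext, base64-encoded.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decrypt(key, token) {
  const buf = Buffer.from(token, "base64");
  if (buf.length < 28) throw new Error("token too short");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, buf.subarray(0, 12));
  decipher.setAuthTag(buf.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(buf.subarray(28)), decipher.final()]);
  return pt.toString("utf8");
}

// Returns true when `key` recovers the plaintext, false when authentication fails.
function canDecrypt(key, token) {
  try { decrypt(key, token); return true; } catch { return false; }
}
```

Run `generateKey()` once at provisioning time and place the result in the deployment's secret store; the application then only ever calls `loadKey()`.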