{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/praisonai-platform--0.1.4/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["praisonai-platform \u003c= 0.1.4"],"_cs_severities":["critical"],"_cs_tags":["authentication-bypass","hardcoded-credentials","jwt-forgery","python","supply-chain","misconfiguration"],"_cs_type":"advisory","_cs_vendors":["MervinPraison"],"content_html":"\u003cp\u003eThe \u003ccode\u003epraisonai-platform\u003c/code\u003e Python package, specifically versions 0.1.4 and older, developed by Mervin Praison, contains a critical vulnerability where its JSON Web Token (JWT) signing secret defaults to a publicly known string, \u003ccode\u003edev-secret-change-me\u003c/code\u003e. This misconfiguration stems from a flawed environment variable check in \u003ccode\u003epraisonai_platform/services/auth_service.py\u003c/code\u003e (SHA256: \u003ccode\u003ecc29d43c5412da2c73c818859b8d8b146587842999b777336017ab9d9e509258\u003c/code\u003e). The intended guard to prevent production deployments with the default secret fails if both \u003ccode\u003ePLATFORM_JWT_SECRET\u003c/code\u003e and \u003ccode\u003ePLATFORM_ENV\u003c/code\u003e are left unset, causing the application to silently start with the insecure secret. This enables unauthenticated attackers to forge arbitrary JWTs, effectively bypassing authentication for any user, including administrative accounts, across all routes protected by the \u003ccode\u003eget_current_user\u003c/code\u003e dependency.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access / Reconnaissance\u003c/strong\u003e: An unauthenticated attacker identifies a \u003ccode\u003epraisonai-platform\u003c/code\u003e instance, possibly by interacting with its API endpoints or discovering the underlying software version.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Identification\u003c/strong\u003e: The attacker identifies that the application is running \u003ccode\u003epraisonai-platform\u003c/code\u003e version 0.1.4 or earlier and has not correctly configured its \u003ccode\u003ePLATFORM_JWT_SECRET\u003c/code\u003e and \u003ccode\u003ePLATFORM_ENV\u003c/code\u003e environment variables, leading to the use of the default \u003ccode\u003edev-secret-change-me\u003c/code\u003e JWT secret.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eToken Forgery\u003c/strong\u003e: Using the publicly known JWT secret (\u003ccode\u003edev-secret-change-me\u003c/code\u003e) and the HS256 algorithm, the attacker crafts a JWT with arbitrary claims, including \u003ccode\u003esub\u003c/code\u003e (user ID) and \u003ccode\u003eemail\u003c/code\u003e, for a target user (e.g., an administrative user like \u003ccode\u003eadmin@example.com\u003c/code\u003e or a known user ID).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAuthentication Bypass\u003c/strong\u003e: The attacker sends the forged JWT in an \u003ccode\u003eAuthorization\u003c/code\u003e header to a protected endpoint (e.g., \u003ccode\u003e/api/v1/workspaces\u003c/code\u003e, \u003ccode\u003e/api/v1/projects\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser Impersonation\u003c/strong\u003e: The \u003ccode\u003epraisonai-platform\u003c/code\u003e server validates the forged token using the default secret and treats the attacker as the impersonated user (e.g., \u003ccode\u003eadmin-user-id-attacker-chose\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation / Unauthorized Access\u003c/strong\u003e: If the forged token impersonates an administrator or a member of a specific workspace, the attacker gains full access to that user's resources and permissions within the application, including creating, modifying, or deleting data.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact\u003c/strong\u003e: The attacker proceeds to exfiltrate data, tamper with application settings, or perform other malicious actions as the impersonated user.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis critical vulnerability directly leads to complete authentication bypass and privilege escalation within affected \u003ccode\u003epraisonai-platform\u003c/code\u003e deployments. An attacker can impersonate any user, including administrators, by forging JWTs with arbitrary user IDs and email addresses. All routes protected by the \u003ccode\u003eget_current_user\u003c/code\u003e dependency, which includes core functionalities such as managing workspaces, projects, issues, agents, and labels, become vulnerable to unauthorized access. The consequence is full compromise of the application's data and functionality, with potential for sensitive data exfiltration, system configuration changes, and disruption of service. There is no specific victim count, but any instance of \u003ccode\u003epraisonai-platform\u003c/code\u003e running the vulnerable versions without proper environment configuration is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eImmediate Action\u003c/strong\u003e: Patch \u003ccode\u003epraisonai-platform\u003c/code\u003e to a version that addresses this vulnerability or ensure \u003ccode\u003ePLATFORM_JWT_SECRET\u003c/code\u003e is set to a strong, random, and unique value (at least 32 bytes) in all environments, including development. Set \u003ccode\u003ePLATFORM_ENV\u003c/code\u003e to a non-\u003ccode\u003edev\u003c/code\u003e value (e.g., \u003ccode\u003eproduction\u003c/code\u003e) for production deployments to ensure the built-in guard is active.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDetection Engineering\u003c/strong\u003e: Deploy the provided Sigma rule \u0026quot;Detect PraisonAI Platform Vulnerable File (SHA256)\u0026quot; to identify instances running the vulnerable \u003ccode\u003eauth_service.py\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply Chain Security\u003c/strong\u003e: Implement automated scanning for component vulnerabilities (SCA) to identify the presence of \u003ccode\u003epraisonai-platform \u0026lt;= 0.1.4\u003c/code\u003e in your software supply chain.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLog Configuration\u003c/strong\u003e: Ensure application logs are configured to capture environment variable settings on process startup, if possible, to detect instances where \u003ccode\u003ePLATFORM_JWT_SECRET\u003c/code\u003e is unset or \u003ccode\u003ePLATFORM_ENV\u003c/code\u003e defaults to \u003ccode\u003edev\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-18T14:43:44Z","date_published":"2026-06-18T14:43:44Z","id":"https://feed.craftedsignal.io/briefs/2026-06-praisonai-platform-jwt-secret-forgery/","summary":"The `praisonai-platform` package, versions 0.1.4 and below, is critically vulnerable to authentication bypass and privilege escalation due to a hardcoded default JWT signing secret (`dev-secret-change-me`) that is inadvertently enabled in default deployments, allowing an unauthenticated attacker to forge JWTs and impersonate any user.","title":"PraisonAI Platform Vulnerable to JWT Forgery via Hardcoded Default Secret","url":"https://feed.craftedsignal.io/briefs/2026-06-praisonai-platform-jwt-secret-forgery/"}],"language":"en","title":"CraftedSignal Threat Feed - Praisonai-Platform \u003c= 0.1.4","version":"https://jsonfeed.org/version/1.1"}