Executive Summary

This vulnerability in Open5GS occurs because the WebUI uses a hard-coded default JWT signing key ('change-me') whenever the environment variable JWT_SECRET_KEY is not set. Since the documentation does not inform users about the need to set this environment variable, many installations may unknowingly use this weak default key. This allows attackers to potentially forge JWT tokens or reverse engineer passwords, compromising the security of the system. [1, 3]

Useful 0 Not Useful 0

Impact Analysis

If the JWT_SECRET_KEY environment variable is not set, the system uses a predictable, hard-coded secret key. This can allow attackers to spoof JWT tokens, gain unauthorized access, or reverse engineer passwords, leading to potential unauthorized control or data exposure within the Open5GS system. [1, 3]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking if the environment variable JWT_SECRET_KEY is set on your Open5GS WebUI server. If it is unset or empty, the system uses the default insecure hard-coded key 'change-me'. For example, on the server running Open5GS, run the command: `echo $JWT_SECRET_KEY`. If the output is empty or 'change-me', your system is vulnerable. Additionally, inspecting the running process environment or configuration files for the presence and value of JWT_SECRET_KEY can help detect this issue. [1, 3]

Useful 0 Not Useful 0

Mitigation Strategies

Immediately set the environment variable JWT_SECRET_KEY to a strong, random secret value before starting the Open5GS WebUI service. This prevents the system from falling back to the default insecure key 'change-me'. Restart the Open5GS service after setting this variable to ensure the new secret is used. Avoid using default or predictable secret keys. Monitoring for updates or patches that replace the default key with randomized secrets is also recommended. [1, 2, 3]

Useful 0 Not Useful 0