SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWT_SECRET is not explicitly set — including the default Docker Compose setup — signs all authentication tokens with this publicly known value. An unauthenticated attacker can forge arbitrary admin-scoped JWTs and gain full control of the application and every security tool it manages without any credentials. This vulnerability is fixed in 0.1.57.
The application defines a hardcoded JWT secret value as a fallback in the backend/app/auth/utils.py file (line 28), and places the same value in the .env.example file. In the default Docker Compose configuration, the JWT_SECRET variable is not overridden by the operator, so all authentication tokens are signed with a publicly known secret. An attacker, knowing this secret, can independently generate a JWT token with administrator role and authenticate to the application without knowing any credentials.
An attacker gains unrestricted administrative access to the CoPilot application and all integrated security tools, which includes full confidentiality, integrity, and availability of data and managed systems.
Update SOCFortress CoPilot to version 0.1.57 or later. Additionally, regardless of the update, immediately set a unique and random value for the JWT_SECRET environment variable in all deployments and invalidate all previously issued JWT tokens.
SOCFortress CoPilot in all versions before 0.1.57, particularly deployments using the default Docker Compose configuration where the JWT_SECRET environment variable has not been explicitly set.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H