CVE-2020-1764

HIGH

Kiali < 1.15.1 - Authentication Bypass via Hard-coded Cryptographic Key

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-1764. PoCs published by jpts.

AI-analyzed exploit summary: This PoC demonstrates an authentication bypass vulnerability in Kiali by generating a JWT token with a hardcoded secret key. The token is crafted to impersonate an admin user, allowing unauthorized access to the API.

Description

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Exploits (1)

nomisec · WORKING POC · 1 star
by jpts · poc
https://github.com/jpts/cve-2020-1764-poc

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Kiali 0.4.0 to 1.15.0
No auth needed
Prerequisites: Network access to the Kiali API endpoint
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Mitigation, Vendor Advisory x_refsource_misc
https://kiali.io/news/security-bulletins/kiali-security-001/
Issue Tracking, Mitigation, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1764

Scores

CVSS v3: 8.6
EPSS: 0.0605
EPSS Percentile: 91.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Details

CWE: CWE-321, CWE-798
Status: published
Products (3):
kiali/kiali < 1.15.1
kiali/kiali 0 - 1.15.1 (Go)
redhat/openshift_service_mesh 1.0
Published: Mar 26, 2020
Tracked Since: Feb 18, 2026