Description
DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba.
Published: 2026-03-07
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential theft via clear-text token storage
Action: Immediate patch
AI Analysis

Impact

Anonymous or authenticated users could steal authentication cookies because the server stores JSON Web Tokens without cryptographic protection of the payload. The vulnerability is an instance of insufficiently protected credentials, allowing an attacker to obtain a valid token and impersonate a user, thereby compromising confidentiality of user accounts and any data accessed under that session.

Affected Systems

The affected application is toxicbishop DSA-with-tsx, a Node.js-based educational web service. Any deployment of the application prior to commit d527fba3b3c15f185b9d1e730322dff9248391e4 is vulnerable. Versions that have not applied the patch that changed the cookie handling logic are at risk.

Risk and Exploitability

The vulnerability scores a CVSS of 8.1, indicating high potential impact. However, the EPSS score of less than 1% suggests a very low probability of active exploitation at the time of this analysis, and the issue is not listed in the CISA KEV catalog. An attacker would generally need to acquire the cookie through network sniffing, cross-site scripting, or other client-side manipulation, and then use the unprotected JWT to authenticate as a legitimate user. The exploit path is inferred from the nature of the flaw; no additional remediation is required beyond the official patch.

Generated by OpenCVE AI on April 17, 2026 at 12:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the application to commit d527fba3b3c15f185b9d1e730322dff9248391e4, which fixes the cookie storage logic.
  • Configure authentication cookies with the HttpOnly and Secure flags and enforce HTTPS for all connections.
  • Ensure that JSON Web Tokens are signed with a strong algorithm and that the payload is encrypted or contains minimal sensitive data.


Advisories

No advisories yet.

History

Wed, 11 Mar 2026 17:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Toxicbishop dsa Study Hub
CPEs | | cpe:2.3:a:toxicbishop:dsa_study_hub:*:*:*:*:*:node.js:*:*
Vendors & Products | | Toxicbishop dsa Study Hub

Mon, 09 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Toxicbishop; Toxicbishop dsa-with-tsx
Vendors & Products | | Toxicbishop; Toxicbishop dsa-with-tsx

Sat, 07 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba.
Title | | dsa-hub-server: Clear-Text Storage of Sensitive Data
Weaknesses | | CWE-311; CWE-522
References | |
Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}


Subscriptions

Toxicbishop Dsa-with-tsx Dsa Study Hub
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-09T18:26:07.074Z

Reserved: 2026-03-02T21:43:19.927Z

Link: CVE-2026-28678

Vulnrichment

Updated: 2026-03-09T17:39:46.619Z

NVD

Status : Analyzed

Published: 2026-03-07T16:15:54.010

Modified: 2026-03-11T17:35:39.667

Link: CVE-2026-28678

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:15:18Z

Weaknesses