Description
This is an open source project, so anyone can read the JWT secret that is hard-coded in it. The project also starts without any warning when the default JWT secret is in use, so most users may never change it. This may allow attackers to forge tokens carrying arbitrary user permissions, bypassing the authentication and authorization mechanisms and accessing protected interfaces.

https://github.com/EduardoPires/EquinoxProject/blob/master/src/Equinox.Services.Api/appsettings.Staging.json#L15
Impact
- Attackers can forge any user's JWT
- Attackers can impersonate administrators or high-privilege accounts to access sensitive interfaces
- The user identity authentication mechanism fails
- May lead to data leakage, unauthorized operations, or account takeover
Fix
The JWT secret can be supplied through a system environment variable, or the project can refuse to start while the default value is still in use.
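
One way to combine both fixes, as an added example that is not the project's own code: a startup guard that reads the secret from the environment and throws if it is missing, matches a published default, or is too short. The class name `JwtSecretGuard`, the variable name `JWT_SECRET`, the HS256 key-length floor and the placeholder default value are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class JwtSecretGuard
{
    // Assumed variable name; use whatever your deployment defines.
    public const string EnvVar = "JWT_SECRET";

    // Assumes HS256: keys must be at least 256 bits (RFC 7518, section 3.2).
    private const int MinKeyBytes = 32;

    // Values that ship in the public repository. The entry below is a placeholder:
    // list the literal default(s) from the checked-in appsettings files.
    private static readonly HashSet<string> PublicDefaults = new(StringComparer.Ordinal)
    {
        "<DEFAULT-SECRET-FROM-REPOSITORY>",
    };

    // Returns the signing key bytes, or throws so the host never starts.
    public static byte[] LoadOrThrow(Func<string, string?> getEnv)
    {
        string? secret = getEnv(EnvVar);
        if (string.IsNullOrWhiteSpace(secret))
            throw new InvalidOperationException($"{EnvVar} is not set; refusing to start.");
        if (PublicDefaults.Contains(secret))
            throw new InvalidOperationException($"{EnvVar} is a published default; refusing to start.");
        byte[] key = Encoding.UTF8.GetBytes(secret);
        if (key.Length < MinKeyBytes)
            throw new InvalidOperationException($"{EnvVar} must be at least {MinKeyBytes} bytes.");
        return key;
    }

    public static void Main()
    {
        // Constructed sample values, one per outcome.
        var samples = new Dictionary<string, string?>
        {
            ["unset"] = null,
            ["default"] = "<DEFAULT-SECRET-FROM-REPOSITORY>",
            ["short"] = "changeme",
            ["random"] = Convert.ToBase64String(RandomNumberGenerator.GetBytes(48)),
        };
        foreach (var (name, value) in samples)
        {
            try { LoadOrThrow(_ => value); Console.WriteLine($"{name}: accepted"); }
            catch (InvalidOperationException ex) { Console.WriteLine($"{name}: rejected ({ex.Message})"); }
        }
    }
}
```

In a real host, call `JwtSecretGuard.LoadOrThrow(Environment.GetEnvironmentVariable)` before token validation is configured, so a deployment that still carries the repository default fails at startup instead of issuing forgeable tokens.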