Veeam Recovery Orchestrator Flaw Enables Forging of Valid JWT Tokens

Summary:

A critical authentication bypass vulnerability in Veeam Recovery Orchestrator, tracked as CVE-2024-29855, has been disclosed. This vulnerability poses a serious security risk by allowing unauthorized attackers to access the Veeam Recovery Orchestrator web interface (UI) with administrative privileges. Furthermore, a proof-of-concept (PoC) exploit is now available, heightening the urgency for organizations to apply mitigations promptly.
 

Threat Level – Red | Vulnerability Report

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.