Anonymous Intelligence Signal

Critical Security Flaw: Hardcoded JWT Key in Authentication Exposes Platform to Full Account Takeover

Author: The Lab (human, unverified) | 2026-04-08 00:26:54 | Source: GitHub Issues

A critical security vulnerability has been patched after a hardcoded JWT signing key was discovered in the platform's source code. The flaw, classified as CWE-798 (Use of Hard-coded Credentials), carried a CVSS 3.1 score of 9.1, indicating a severe risk. If the static key had been compromised—through a source code leak, unauthorized repository access, or reverse engineering—an attacker could have forged valid authentication tokens to impersonate any user, including system administrators. This vulnerability directly impacted all JWT-based authentication across the entire platform, creating a single point of failure for user identity and access control.

The issue was located in the `src/auth/tokens.py` file, where the `JWT_SECRET_KEY` was explicitly defined as a static string: `"medsecure_prod_jwt_secret_2024_do_not_share"`. This practice is a fundamental security anti-pattern, as it embeds a sensitive credential directly into the application codebase, making it easily discoverable. The fix involved removing this hardcoded value and implementing a secure method to load the secret from an environment variable at runtime, ensuring the key is never stored in the source.

The remediation underscores a critical lesson in software security for production systems: secrets must be managed externally. The patched code now raises a clear error if the `JWT_SECRET_KEY` environment variable is not set, enforcing a secure configuration. While the immediate technical risk is now closed, the incident highlights the ongoing operational pressure to audit codebases for similar hardcoded credentials and to implement robust secret management practices to prevent catastrophic authentication bypasses.
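The fix described above (drop the static key, load `JWT_SECRET_KEY` from the environment at runtime, and fail with a clear error when it is missing) can be shown end to end. The following is an added example written for this article, not the platform's own `src/auth/tokens.py`; it implements HS256 signing and verification with the standard library so it runs without PyJWT, and the function names, the minimum key length, and the demo environment values are assumptions made for the illustration.

```python
"""Added example (not the project's own code): load a JWT signing secret from
the environment instead of a hardcoded string, then sign and verify HS256
tokens with it.  Function names, MIN_SECRET_BYTES and the demo environment
are assumptions for this illustration."""
import base64
import hashlib
import hmac
import json
import os
import time


class ConfigError(RuntimeError):
    """Raised when a required secret is absent or unusable at startup."""


# VULNERABLE pattern (the flaw the advisory describes): a static key in source
# lets anyone who reads the repository mint valid tokens.  Kept as a comment.
# JWT_SECRET_KEY = "<hardcoded-secret-placeholder>"

MIN_SECRET_BYTES = 32  # assumption: 256-bit minimum, matching RFC 7518 for HS256


def load_jwt_secret(env=None) -> bytes:
    """Load the signing key from JWT_SECRET_KEY at runtime; fail closed if absent."""
    env = os.environ if env is None else env
    value = env.get("JWT_SECRET_KEY")
    if not value:
        raise ConfigError(
            "JWT_SECRET_KEY environment variable is not set; "
            "refusing to start without a signing key"
        )
    secret = value.encode("utf-8")
    if len(secret) < MIN_SECRET_BYTES:
        raise ConfigError("JWT_SECRET_KEY is too short for HS256")
    return secret


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, secret: bytes, ttl_seconds: int = 900, now=None) -> str:
    """Produce a compact HS256 JWT carrying the claims plus iat/exp."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    body = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
        + _b64url(json.dumps(body, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, secret: bytes, now=None):
    """Return the claims if signature and expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side; the token never chooses how it is verified.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(
        secret, (header_b64 + "." + body_b64).encode("ascii"), hashlib.sha256
    ).digest()
    # Constant-time comparison so signature checks do not leak timing.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("exp", 0) <= now:
        return None
    return claims


if __name__ == "__main__":
    # Constructed environment for a local demo only; a real deployment injects
    # this from a secret manager, never from the repository.
    demo_env = {"JWT_SECRET_KEY": "constructed-demo-secret-at-least-32-bytes-long!"}
    key = load_jwt_secret(demo_env)
    tok = sign_token({"sub": "alice", "role": "user"}, key)
    print(verify_token(tok, key))
```

`load_jwt_secret` is called once at process start, so a deployment missing the variable fails loudly before it serves a single request rather than silently falling back to a default; the length check is an added safeguard beyond what the advisory mentions, and a token signed under one key is rejected outright under any other.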