From a1d117e3642153dd71e037a0571403470f4533ba Mon Sep 17 00:00:00 2001 From: brianchennn Date: Mon, 21 Aug 2023 06:41:10 +0000 Subject: [PATCH] Update 20230823.md --- docs/blog/CSRF/20230823.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/blog/CSRF/20230823.md b/docs/blog/CSRF/20230823.md index d68113ca..be3fe515 100644 --- a/docs/blog/CSRF/20230823.md +++ b/docs/blog/CSRF/20230823.md @@ -1,5 +1,8 @@ # Web security: CSRF vulnerability in webconsole +>[!NOTE] +> Author: Brian Chen (陳煜盛) +> Date: 2023/8/23 ## Abstract This article is intended for individuals who possess an interest in free5gc/webconsole and hold concerns regarding security matters. It aims to provide a concise introduction to the webconsole, followed by an exposition of a significant security concern along with our corresponding solution. Within webconsole v1.2.0, aligning with the most recent iteration of free5gc v3.3.0, certain vulnerabilities have been identified that could potentially lead to the exposure of subscriber data. It is my responsibility to address and rectify these vulnerabilities, enhancing the webconsole's resilience against cyber attacks. 
@@ -212,10 +215,10 @@ func CheckAuth(c *gin.Context) bool { } ``` -::: -- The secret key utilized for signature verification is obtained through `os.Getenv("SIGNINGKEY")`. However, there's a possibility that `SIGNINGKEY` might not be exported as an environment variable, leading to a potential return of an empty value. Under such circumstances, an implication arises: an admin in Webconsole A could potentially gain access to subscriber data within Webconsole B. -- Within the `CheckAuth()` function, if the client sets the JWT token to **'admin'**, the function will evaluate to true, effectively allowing the check to be passed. -::: +> [!WARNING] +> The secret key utilized for signature verification is obtained through `os.Getenv("SIGNINGKEY")`. However, there's a possibility that `SIGNINGKEY` might not be exported as an environment variable, leading to a potential return of an empty value. Under such circumstances, an implication arises: an admin in Webconsole A could potentially gain access to subscriber data within Webconsole B. +> Within the `CheckAuth()` function, if the client sets the JWT token to **'admin'**, the function will evaluate to true, effectively allowing the check to be passed. + ## Implementation
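Review bot: In the first hunk (the `[!NOTE]` block added under the H1), the `Author:` and `Date:` lines sit on consecutive `>` lines with no separator, so a GitHub-flavored Markdown renderer joins them into a single paragraph ("Author: Brian Chen (陳煜盛) Date: 2023/8/23"). Either end the author line with two trailing spaces or put a bare `>` line between them. Also, `>[!NOTE]` has no space after `>` while every other quoted line in this patch uses `> `; the alert still renders, but matching the `> [!WARNING]` form used later keeps the file consistent.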
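Review bot: In the second hunk, converting the `:::` container to a `> [!WARNING]` alert drops the two `- ` bullets, so the two findings (the empty `SIGNINGKEY` fallback and the literal `'admin'` token bypass in `CheckAuth()`) now render as one run-on paragraph inside the alert. Keep the list markers inside the quote (`> - The secret key ...` / `> - Within the \`CheckAuth()\` function ...`) or separate them with a bare `>` line so each issue stays distinct. Separately, the hunk removes two `:::` lines but its context does not show the matching `::: warning`-style opener; please confirm nothing above line 212 is left unclosed.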