JWT Blank Secret
| Severity | High |
|---|---|
| CVEs | |
| Classifications | |
| OWASP Category | OWASP API2:2023 Broken Authentication |
This vulnerability occurs when a JSON Web Token (JWT) is signed with an HMAC algorithm (for example HS256) using an empty secret. The signature is then computed with a key that everyone knows, so it provides no integrity protection at all: an attacker can decode the token, change its claims (subject, roles, expiry) and recompute a valid signature with the empty key, and the server's verification passes. The result is undetectable token forgery, leading to unauthorized access and tampering with any data the token authorizes.
Example
An API issues tokens with header `{"alg":"HS256","typ":"JWT"}` and verifies them with a secret read from configuration that is set to the empty string (for example an unset `JWT_SECRET` environment variable defaulting to `""`). An attacker takes any valid token, changes the payload to `{"sub":"attacker","role":"admin"}`, and signs the new header and payload with HMAC-SHA256 under the empty key. Because the server uses the same empty key, the forged signature matches and the token is accepted as genuine.
How to test?
TODO: VulnAPI Command
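The following is an added example (not code from VulnAPI or from the original page) covering both the Example and How to test? sections. It implements HS256 signing and verification with only the Python standard library, shows a vulnerable verifier accepting a token forged under the empty key, a tester-side check that tells whether a captured token verifies under `""`, and a hardened verifier that refuses a blank or short secret. The function names, the 32-byte minimum (taken from RFC 7518 section 3.2) and the scenario values are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Assumed floor for HS256 keys: RFC 7518 section 3.2 requires at least 256 bits.
MIN_HS256_SECRET_BYTES = 32


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT strips padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256_sign(payload: dict, secret: bytes) -> str:
    """Build a compact JWT signed with HMAC-SHA256 under `secret`."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def _hs256_signature_matches(token: str, secret: bytes) -> bool:
    parts = token.split(".")
    if len(parts) != 3:
        return False
    header_b64, payload_b64, sig_b64 = parts
    try:
        presented = b64url_decode(sig_b64)
    except ValueError:
        return False
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, presented)


def verify_hs256_vulnerable(token: str, secret: bytes) -> Optional[dict]:
    """Vulnerable verifier: trusts whatever secret it was configured with,
    including b"", so a token HMAC'd with the empty key is accepted."""
    if not _hs256_signature_matches(token, secret):
        return None
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_hs256_hardened(token: str, secret: bytes) -> Optional[dict]:
    """Hardened verifier: fails closed when the secret is blank or too short,
    so a deployment mistake cannot turn into accepted forgeries."""
    if len(secret) < MIN_HS256_SECRET_BYTES:
        raise ValueError("HS256 secret must be at least 32 bytes; refusing to verify")
    return verify_hs256_vulnerable(token, secret)


def is_signed_with_blank_secret(token: str) -> bool:
    """Tester-side check: does an HS256 token's signature verify under the
    empty key? Returns False for malformed tokens and non-HS256 algorithms."""
    try:
        header = json.loads(b64url_decode(token.split(".")[0]))
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    return _hs256_signature_matches(token, b"")


def demo() -> dict:
    # Constructed scenario: a server whose JWT secret loaded as the empty string.
    server_secret = b""
    # The attacker needs no leaked key; the empty key is the key.
    forged = hs256_sign({"sub": "attacker", "role": "admin"}, b"")
    return {
        "forged_token_accepted": verify_hs256_vulnerable(forged, server_secret),
        "detected_by_check": is_signed_with_blank_secret(forged),
    }
```

To test a live API by hand, capture a token it issued and run `is_signed_with_blank_secret` on it; a `True` result means any client can mint its own tokens. A production verifier should additionally pin the expected algorithm rather than trusting the `alg` header, which this example does not show.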
What is the impact?
An attacker who discovers that tokens verify under the empty key can mint tokens with arbitrary claims, such as any user's subject, an elevated role, or a far-future expiry, and the API accepts them as genuine. This amounts to full account takeover and privilege escalation for every identity the API trusts the token for, and it requires no credentials, no leaked secret and no interaction with the victim. Every token the API has ever issued under the blank secret is equally forgeable.
How to remediate?
Generate the HMAC secret from a cryptographically secure random source with at least 256 bits (the minimum RFC 7518 section 3.2 requires for HS256) and load it from a secrets store rather than a default value. Make the service fail to start, or reject every token, when the configured secret is empty or shorter than that minimum, so a misconfiguration fails closed instead of silently verifying with `""`. Rotate any secret that has been blank and invalidate the tokens issued under it. Where the verifying service does not need to issue tokens, prefer an asymmetric algorithm (RS256, ES256 or EdDSA) so that the verifier holds only a public key and the signing key never reaches it.