Skip to main content

JWT Blank Secret

OWASP CategoryOWASP API2:2023 Broken Authentication

A vulnerability occurs when a JSON Web Token (JWT) is signed with an empty secret. In this scenario, the token lacks proper cryptographic protection, making it susceptible to manipulation. Attackers can modify the token's claims and content without detection, potentially leading to unauthorized access and data tampering.


TODO: write an example

How to test?

TODO: VulnAPI Command

What is the impact?

TODO: write the impact

How to remediate?

TODO: write the remediation