JWT Null Signature
Severity | High |
---|---|
CVEs | |
Classifications | |
OWASP Category | OWASP API2:2023 Broken Authentication (opens in a new tab) |
The "JWT Null Signature" vulnerability occurs when a JSON Web Token (JWT) lacks a signature part, allowing attackers to manipulate the token's content potentially leading to unauthorized access and data tampering.
Example
TODO: write an example
How to test?
If you want to test only the "JWT Null Signature" vulnerability, you can use the following command:
vulnapi scan <curl|openapi|graphql> --scans jwt.null_signature [url]
VulnAPI supports scanning against various types of other JWT vulnerabilities as well.
What is the impact?
TODO: write the impact
How to remediate?
TODO: write the remediation