Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dotnet-core
- Code-injection
- Command-injection
- Cookies
- Jwt
- Jwt-decode-without-verify
- Jwt-hardcoded-secret
- Nosqli
- Path-traversal
- Sqli
- Ssrf
- Xpath-injection
- Xxe
- Dotnet
- Jwt-dotnet
- Lang
- Mongo
- Postgres
- Razor
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Jwt-decode-without-verify
Jwt decode without verify
Detected the decoding of a JWT token without a verify step. JWT tokens must be verified before use, otherwise the token’s integrity is unknown. This means a malicious actor could forge a JWT token with any claims. Validate the token before using it.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-345: Insufficient Verification of Data Authenticity
OWASP:
- A08:2021 - Software and Data Integrity Failures