CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
      • Dotnet-core
      • Dotnet
      • Jwt-dotnet
      • Lang
        • Audit
        • Best practice
        • Correctness
        • Security
        • Security
          • Ad
          • Cryptography
          • Filesystem
          • Http
          • Injections
          • Insecure deserialization
          • Memory
          • Regular expression dos
          • Sqli
          • Ssrf
          • System
          • Xxe
      • Mongo
      • Postgres
      • Razor
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Security

Ad

jwt-tokenvalidationparameters-no-expiry-validation

The TokenValidationParameters.LIFETIMEissettoLIFETIME is set to LIFETIMEissettoFALSE, this means the JWT tokens lifetime is not validated. This can lead to an JWT token being used after it has expired, which has security implications. It is recommended to validate the JWT lifetime to ensure only valid tokens are used.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-613: Insufficient Session Expiration
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures
SecurityCryptography
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.