> ## Documentation Index
> Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

<AccordionGroup>
  <Accordion title="jwt-none-alg">
    Detected use of the 'none' algorithm in a JWT token. The 'none' algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the 'none' algorithm. Instead, use an algorithm such as 'HS256'.<br />**Likelihood**: MEDIUM<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="hardcoded-jwt-secret">
    A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).<br />**Likelihood**: HIGH<br />**Confidence**: HIGH<br />**CWE**: <br />- CWE-798: Use of Hard-coded Credentials
    <br />**OWASP**: <br />- A07:2021 - Identification and Authentication Failures
  </Accordion>
</AccordionGroup>
