jwt-simple-noverify
Detected the decoding of a JWT token without a verify step. JWT tokens must be verified before use, otherwise the token’s integrity is unknown. This means a malicious actor could forge a JWT token with any claims. Set ‘verify’ to true
before using the token.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-287: Improper Authentication
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-347: Improper Verification of Cryptographic Signature
OWASP:
- A05:2021 - Security Misconfiguration
- A07:2021 - Identification and Authentication Failures
jwt-simple-noverify
Detected the decoding of a JWT token without a verify step. JWT tokens must be verified before use, otherwise the token’s integrity is unknown. This means a malicious actor could forge a JWT token with any claims. Set ‘verify’ to true
before using the token.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-287: Improper Authentication
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-347: Improper Verification of Cryptographic Signature
OWASP:
- A05:2021 - Security Misconfiguration
- A07:2021 - Identification and Authentication Failures