Documentation Index
Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
Use this file to discover all available pages before exploring further.
jwt-simple-noverify
jwt-simple-noverify
Detected the decoding of a JWT token without a verify step. JWT tokens must be verified before use, otherwise the token’s integrity is unknown. This means a malicious actor could forge a JWT token with any claims. Set ‘verify’ to
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-287: Improper Authentication
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-347: Improper Verification of Cryptographic Signature
OWASP:
- A05:2021 - Security Misconfiguration
- A07:2021 - Identification and Authentication Failures
true before using the token.Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-287: Improper Authentication
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-347: Improper Verification of Cryptographic Signature
OWASP:
- A05:2021 - Security Misconfiguration
- A07:2021 - Identification and Authentication Failures