> ## Documentation Index
> Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

<AccordionGroup>
  <Accordion title="ruby-jwt-none-alg">
    Detected use of the 'none' algorithm in a JWT token. The 'none' algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the 'none' algorithm. Instead, use an algorithm such as 'HS256'.<br />**Likelihood**: LOW<br />**Confidence**: LOW<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="ruby-jwt-exposed-credentials">
    Password is exposed through JWT token payload. This is not encrypted and the password could be compromised. Do not store passwords in JWT tokens.<br />**Likelihood**: LOW<br />**Confidence**: LOW<br />**CWE**: <br />- CWE-522: Insufficiently Protected Credentials
    <br />**OWASP**: <br />- A02:2017 - Broken Authentication
    <br />- A04:2021 - Insecure Design
  </Accordion>

  <Accordion title="ruby-jwt-hardcoded-secret">
    Hardcoded JWT secret or private key is used. This is a Insufficiently Protected Credentials weakness: [https://cwe.mitre.org/data/definitions/522.html](https://cwe.mitre.org/data/definitions/522.html) Consider using an appropriate security mechanism to protect the credentials (e.g. keeping secrets in environment variables)<br />**Likelihood**: LOW<br />**Confidence**: LOW<br />**CWE**: <br />- CWE-522: Insufficiently Protected Credentials
    <br />**OWASP**: <br />- A02:2017 - Broken Authentication
    <br />- A04:2021 - Insecure Design
  </Accordion>
</AccordionGroup>
