Hardcoded JWT secret or private key is used. This is an Insufficiently Protected Credentials weakness: https://cwe.mitre.org/data/definitions/522.html Consider using an appropriate security mechanism to protect the credentials (e.g. keeping secrets in environment variables).

Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-522: Insufficiently Protected Credentials
OWASP:
- A02:2017 - Broken Authentication
- A04:2021 - Insecure Design