Php Sensitive Information In Jwt
Description
Detects when sensitive information is directly embedded in JWT tokens in PHP applications using the Firebase/JWT library. This vulnerability occurs when sensitive data is passed as the payload during JWT token creation, which could expose confidential information since JWT tokens are only base64 encoded, not encrypted.
Detection Strategy
• Checks if the Firebase/JWT library is imported in the PHP codebase
• Identifies calls to JWT::encode() method from the Firebase/JWT library
• Examines the first argument (payload) passed to JWT::encode() for sensitive data
• Reports a vulnerability if the payload contains sensitive information in arrays/objects
• Example vulnerable code: JWT::encode(['password' => $userPassword], $key)
Vulnerable code example
<?php
use Firebase\JWT\JWT;
function createInsecureToken(string $key): string {
// Vulnerable: Directly using unvalidated user input in JWT payload
$payload = [
'password' => $_POST['password'],
'sessionId' => $_GET['sid']...✅ Secure code example
<?php
use Firebase\JWT\JWT;
function createSecureToken(string $key): string {
// Validate and sanitize user input before using in JWT
$password = $_POST['password'];
$sessionId = $_GET['sid'];
...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.