Business information leak - JWT
Description
Business information can be obtained from the JWT, such as:
- Username
- Password
Impact
- Get the username from the JWT.
- Get the encrypted password from the JWT.
Recommendation
Remove the sensitive information from the JWT and manage this kind of information on the server side.
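The following audit check is an added example, not code from the original page. It reads a token's payload without any key, since the payload is only base64url-encoded, and reports the claims this finding names. The sample tokens, the helper names and the opaque `sub` value that the server would map to the account are assumptions made for the illustration.

```python
import base64
import json

# Claims flagged by this check: the two the finding names.
SENSITIVE_CLAIMS = {"username", "password"}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def read_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS without verifying it.

    No key is needed: the payload is only base64url-encoded, which is why
    anything placed in it is readable by whoever holds the token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated parts)")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def sensitive_claims(token: str) -> list:
    """List claim names in the token that match SENSITIVE_CLAIMS."""
    return sorted(k for k in read_claims(token) if k.lower() in SENSITIVE_CLAIMS)


def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token (placeholder signature) for the audit."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.constructed-signature"


# Constructed samples: the leaking payload and the remediated one.
LEAKY = make_sample_token({"username": "jdoe", "password": "constructed-ciphertext", "exp": 1900000000})
FIXED = make_sample_token({"sub": "session-7f3c", "exp": 1900000000})

if __name__ == "__main__":
    print("leaky:", sensitive_claims(LEAKY), "fixed:", sensitive_claims(FIXED))
```

A check like this can run in CI against tokens issued by a test login, failing the build when the returned list is not empty.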
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 30 minutes.