Database

Description

The application does not verify the signature of the JWT access tokens it issues, so the signature provides no integrity guarantee: the token's claims can be modified and the request is still accepted. Even a token with the signature removed entirely is accepted.

Impact

- Forge tokens, bypassing the existing authentication and authorization mechanisms.
- Modify the claims of existing tokens, allowing requests to be sent outside the normal application flow (for example with a changed subject, role or expiration).

Recommendation

Generate tokens with a random component and without sensitive information in the payload, and always verify the token's integrity on every request: check that the token is well formed, that the signing algorithm is the one expected, and that the signature is valid for the exact header and payload received. Reject any token whose signature is missing, malformed or does not verify.
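The following is an added example, not code from the original page or from any product the page describes. It implements a minimal HS256 JWT issuer with only the Python standard library, then places the vulnerable pattern from the description (reading claims without checking the signature, which also accepts a token whose signature has been stripped) beside the hardened verifier the recommendation asks for. The secret, claims and timestamps are constructed for the demo; the requirement that every token carry an `exp` claim is a design choice of this example, not something the page states.

```python
"""HS256 JWT: vulnerable decoder vs. hardened verifier (added example, stdlib only)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret. Real code loads this from a secret store and never hardcodes it.
SECRET = b"constructed-demo-secret-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_part(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_hs256(payload: dict, secret: bytes) -> str:
    """Issue base64url(header).base64url(payload).base64url(HMAC-SHA256(header.payload))."""
    signing_input = _json_part({"alg": "HS256", "typ": "JWT"}) + "." + _json_part(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def rewrite_token(token: str, header=None, payload=None, signature=None) -> str:
    """What an attacker does: edit header/payload claims and keep the old signature,
    or drop it (signature="" yields 'header.payload.' with no signature at all)."""
    parts = token.split(".")
    hdr = json.loads(b64url_decode(parts[0]))
    pl = json.loads(b64url_decode(parts[1]))
    hdr.update(header or {})
    pl.update(payload or {})
    sig = parts[2] if signature is None else signature
    return ".".join([_json_part(hdr), _json_part(pl), sig])


def decode_insecure(token: str) -> dict:
    """VULNERABLE: the pattern from the description. Claims are trusted as-is;
    a modified or unsigned token is accepted because nothing is checked."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Hardened: structure check, algorithm allowlist, constant-time signature
    comparison over the exact bytes received, and expiry. Raises ValueError on failure."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):          # rejects stripped signatures
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":                # never let the token pick the algorithm
        raise ValueError("unexpected alg")
    signing_input = (parts[0] + "." + parts[1]).encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    if "exp" not in payload or now >= payload["exp"]:  # design choice: exp is mandatory here
        raise ValueError("missing or expired exp")
    return payload


def check(token: str, secret: bytes, now=None) -> str:
    """Return 'accepted' or the reason the hardened verifier rejects the token."""
    try:
        verify_hs256(token, secret, now)
        return "accepted"
    except ValueError as exc:  # binascii.Error and JSONDecodeError are ValueErrors too
        return str(exc)


if __name__ == "__main__":
    now = 1_700_000_000
    tok = issue_hs256({"sub": "alice", "role": "user", "exp": 2_000_000_000}, SECRET)
    forged = rewrite_token(tok, payload={"role": "admin"})
    stripped = rewrite_token(tok, payload={"role": "admin"}, signature="")
    for name, t in (("genuine", tok), ("forged", forged), ("stripped", stripped)):
        print(f"{name:9} insecure role={decode_insecure(t)['role']:5} hardened={check(t, SECRET, now)}")
```

Run it and the insecure decoder reports `role=admin` for both the forged and the signature-less token, while the hardened verifier accepts only the genuine one. The structural check runs before anything else so a missing signature is rejected before any claim is read, and the algorithm is pinned by the server rather than taken from the token header.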

Threat

Unauthorized attacker with access to a token.

Expected Remediation Time

⏱️ 90 minutes.