Property
Language: ruby
Severity: low
CWE: CWE-522: Insufficiently Protected Credentials
OWASP: A02:2017 - Broken Authentication
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

Sensitive data is being placed directly in the payload (claims) of a JWT. A JWT payload is only base64url-encoded, not encrypted, so anyone who receives or inspects the token can read the confidential information without knowing the signing key.
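The following is an added example, not code from the original rule page. It uses a minimal stdlib-only HS256 encoder (standing in for the jwt gem) to show a vulnerable token that carries a password and email in its claims beside a hardened token that carries only an opaque subject id and expiry, and a helper that decodes the payload with no key at all, which is exactly what any token holder can do; the user record, secret and sensitive-claim list are constructed.

```ruby
require 'json'
require 'openssl'

# Constructed list of claim names that must never appear in a JWT payload.
SENSITIVE_CLAIMS = %w[password email ssn credit_card].freeze

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  padded += '=' * ((4 - padded.length % 4) % 4)
  padded.unpack1('m0')
end

# Minimal HS256 signer: header.payload.signature, each part base64url.
def hs256_encode(payload, secret)
  header = { alg: 'HS256', typ: 'JWT' }
  signing_input = [header, payload].map { |h| b64url_encode(JSON.generate(h)) }.join('.')
  sig = OpenSSL::HMAC.digest('SHA256', secret, signing_input)
  "#{signing_input}.#{b64url_encode(sig)}"
end

# The payload is readable by anyone holding the token: no secret required.
def decode_payload_unverified(token)
  JSON.parse(b64url_decode(token.split('.')[1]))
end

# Vulnerable: confidential fields are copied straight into the claims.
def issue_token_vulnerable(user, secret)
  hs256_encode({ sub: user[:id], email: user[:email], password: user[:password] }, secret)
end

# Hardened: only an opaque subject id and a short expiry; anything
# sensitive is looked up server-side from the subject id.
def issue_token_hardened(user, secret)
  hs256_encode({ sub: user[:id], exp: Time.now.to_i + 900 }, secret)
end

# Detection helper: returns the sensitive claim names a token exposes.
def leaked_claims(token)
  decode_payload_unverified(token).keys & SENSITIVE_CLAIMS
end

if __FILE__ == $PROGRAM_NAME
  user = { id: 42, email: 'alice@example.test', password: 'hunter2' } # constructed
  puts "vulnerable token leaks: #{leaked_claims(issue_token_vulnerable(user, 's3cr3t')).inspect}"
  puts "hardened token leaks:   #{leaked_claims(issue_token_hardened(user, 's3cr3t')).inspect}"
end
```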

Impact

If exploited, attackers or unauthorized users could access private details such as passwords, personal data, or internal identifiers from the JWT, leading to data leaks, privacy violations, or further attacks using the exposed information.