DerScanner
Home / Vulnerability Database / Java : Missing verification step of JWT-token
Java

Java : Missing verification step of JWT-token

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure Design
OWASP MASVS
V8: 8.13.(L1+R/L2+R)
PCI DSS 4.0
3.6.16.2.48.3.2
HIPAA
§164.312 (a)(2)(iv)
CWE
CWE-325CWE-1032

Overview

The application is missing the step of JWT-token verification. This can lead to token tampering, data leakage and unpredictable application performance.

References

  1. Hacking JSON Web Tokens (JWTs) - The Startup
  2. JSON Web Token for Java - OWASP Cheat Sheet Series
  3. OWASP Top 10 2017-A3-Sensitive Data Exposure
  4. OWASP Top 10 2013-A6-Sensitive Data Exposure
  5. CWE-325: Missing Required Cryptographic Step
  6. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
CRITICAL

DerScanner Severity Score

Do you want to fix Java : Missing verification step of JWT-token in your application?

See also

Java

Java : Race condition

Java

Java : Text4Shell Vulnerability

Java

Java : JNI usage