Privacy of personal user data may be violated. This can break the law and harm the reputation of the application.

The JWT-token is a string consisting of three parts, each of which is encoded with base64. Base64 encoding does not encrypt or protect the data, it just represents it in an ASCII character sequence.

Valuable personal data may get into the application from a variety of sources: directly from the user, from a database, from a third party storage. Often, this data is not marked as confidential or are valuable not by itself but only in a certain context.

Often, security and privacy of personal data conflict. From a security perspective, it is necessary to record information on all the activities in the system as detailed as possible, to later reveal traces of malicious actions. From the standpoint of privacy, on the contrary, the confidential information logging increases the risk of its leak. In this case, privacy should have a higher priority.

Java : Negative content length

DerScanner Severity Score

Do you want to fix Java : Negative content length in your application?

See also