Leakage of Personal Information via JWT Access Token

  1. Personal information is contained
  2. Nonencrypted
  3. Stateless
  4. Stolen by unintended parties
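
The following is an added example, not code from the original article. It is a defender's audit that shows items 1, 2 and 4 together: a signed but nonencrypted JWT access token lets anyone who holds it read the personal claims inside, with no key required. The claim watch list (OpenID Connect standard claim names), the function names and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# Assumed watch list: OpenID Connect standard claim names that carry personal data.
PII_CLAIMS = {"name", "given_name", "family_name", "email", "phone_number",
              "birthdate", "address", "gender"}

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def audit_access_token(token: str) -> dict:
    """Report which personal claims any holder of the token can read."""
    parts = token.split(".")
    if len(parts) == 5:
        # JWE compact serialization: the claims are ciphertext.
        return {"format": "JWE", "encrypted": True, "exposed_pii": []}
    if len(parts) != 3:
        raise ValueError("not a compact-serialized JWT")
    # JWS: header and payload are only encoded. No key is needed to read
    # them, and the signature is deliberately not checked here.
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return {"format": "JWS", "encrypted": False, "alg": header.get("alg"),
            "exposed_pii": sorted(PII_CLAIMS & claims.keys())}

def make_sample_token() -> str:
    # Constructed sample, not a real token: the signature bytes are dummy.
    header = {"alg": "HS256", "typ": "at+jwt"}
    claims = {"iss": "https://as.example.com", "sub": "user-1234",
              "scope": "read", "email": "alice@example.com",
              "birthdate": "1990-01-01"}
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(json.dumps(claims).encode()),
                     b64url_encode(b"dummy-signature")])

if __name__ == "__main__":
    print(audit_access_token(make_sample_token()))
    # Constructed five-segment placeholder standing in for a JWE token.
    print(audit_access_token("hdr.key.iv.ciphertext.tag"))
```

Running such a check against tokens issued in a test environment shows which claims would be readable by a client, proxy or log pipeline that handles the token.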


Co-founder and representative director of Authlete, Inc., working as a software engineer since 1997. https://www.authlete.com/

Takahiko Kawasaki
