
Sensitive Data: Exposed JWT Token

Identifier: exposed_jwt

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

JWTs (JSON Web Tokens) should not carry sensitive information in their payload: the payload is only base64url-encoded, not encrypted, so anyone who obtains the token can decode and read it, and the signature (if any) proves integrity but provides no confidentiality. Storing sensitive data such as passwords, personal information, or secrets in JWT claims can lead to data breaches and privacy violations.
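The following added example (not the scanner's own code) shows why this check exists: it decodes a JWT payload without needing the signing key and flags claims whose names suggest sensitive data. The keyword list, the HS256 helper, the signing key and the sample claims are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import re

# Claim names that commonly carry data which should never sit in a JWT payload.
# This keyword list is a constructed heuristic, not the scanner's own rule set.
SENSITIVE_CLAIM_PATTERN = re.compile(
    r"password|passwd|secret|ssn|social_security|credit_card|card_number|cvv|api_key|private_key",
    re.IGNORECASE,
)

def _b64url_encode(raw: bytes) -> str:
    """base64url without padding, as JWS compact serialization uses."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def build_hs256_token(payload: dict, key: bytes) -> str:
    """Build a constructed HS256-signed token so the demo has something to inspect."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{header}.{_b64url_encode(json.dumps(payload).encode())}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"

def decode_jwt_unverified(token: str) -> tuple[dict, dict]:
    """Return (header, payload) without checking the signature: the signature
    proves integrity, it does not hide the claims, which is the whole point."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWS compact serialization")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))

def find_exposed_claims(token: str) -> list[str]:
    """Return the payload claim names whose key suggests sensitive data."""
    _, payload = decode_jwt_unverified(token)
    return sorted(k for k in payload if SENSITIVE_CLAIM_PATTERN.search(k))

if __name__ == "__main__":
    # Constructed sample: a token whose issuer mistakenly embedded credentials.
    demo = build_hs256_token(
        {"sub": "user-42", "role": "viewer", "password": "hunter2", "ssn": "000-00-0000"},
        key=b"demo-signing-key",
    )
    print(find_exposed_claims(demo))  # ['password', 'ssn']
```

A real check would also decode tokens found in response bodies, Set-Cookie and Authorization headers, and would inspect claim values (not only names) for patterns such as card numbers.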

Configuration

Example

Example configuration:

---
security_tests:
  exposed_jwt:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.