Bearer v1.1.0

Weak JWT encryption detected

  • Rule ID: javascript_jwt_weak_encryption
  • Languages: javascript
  • Source: jwt_weak_encryption.yml

Description

The JWT is signed with whatever default algorithm the jwt library provides, rather than an explicitly chosen one.

Remediations

Explicitly set the HS256 algorithm when signing the JWT:

  jwt.sign({ foo: "bar" }, process.env.JWT_SECRET, {
    algorithm: "HS256" // chosen explicitly instead of relying on the library default
  })

Resources

  • OWASP weak encryption

Associated CWE

  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

OWASP Top 10

  • A02:2021 - Cryptographic Failures
