Weak jwt encryption deceted

Rule ID: javascript_lang_jwt_weak_encryption
Languages: javascript
Source: jwt_weak_encryption.yml

Description

Use any default encryption algorithm jwt library provides

Remediations

Use the HS256 algorithm for JWT encryption

  jwt.sign({ "foo": "bar"}, process.env.JWT_SECRET, {
    algorithm: "HS256"
  })

Resources

OWASP weak encryption

Associated CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

OWASP Top 10

A02:2021 - Cryptographic Failures

Ready to take the next step? Join the Bearer Cloud waitlist.