I would like to propose the inclusion of the following vulnerabilities in the Vulnerability Rating Taxonomy (VRT), as incorporating them will enhance its comprehensiveness and accuracy.
- Broken Authentication and Session Management -> JWT Misconfigurations -> alg: none accepted (no signature verification) -> P1
- Broken Authentication and Session Management -> JWT Misconfigurations -> Algorithm Confusion (RS256 → HS256) -> P2
- Broken Authentication and Session Management -> JWT Misconfigurations -> Key Confusion/key reuse -> P3
Please let me know if any additional information or justification is required. Looking forward to your feedback.
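As an added illustration of the three proposed entries (this is example code written for this page, not part of the proposal or of Bugcrowd's VRT), the following minimal verifier shows the single root cause behind them: a server that lets the token's own `alg` header decide how the signature is checked. `verify_vulnerable` accepts an unsigned `alg: none` token (entry 1) and, because the same `key_material` blob feeds both the RSA and the HMAC branch (entry 3), also accepts an HS256 token signed with the server's public key (entry 2). `verify_hardened` pins the algorithm server-side. The PEM text, secret, and claims are constructed placeholders, and no real RSA verification runs; the `rsa_verify` branch is explicitly out of scope because neither forgery ever reaches it.

```python
"""Minimal HS256/none JWT verifier: trusting the header's alg vs. pinning it server-side.
All key material, PEM text and claims below are constructed placeholders."""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(header: dict, payload: dict, key: bytes = b"") -> str:
    """Build a token: HMAC-SHA256 signature, or an empty signature for alg=none."""
    segments = [b64url_encode(json.dumps(part, separators=(",", ":")).encode())
                for part in (header, payload)]
    signing_input = ".".join(segments).encode()
    if header["alg"] == "none":
        signature = b""
    elif header["alg"] == "HS256":
        signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    else:
        raise ValueError("demo signs only HS256 or none")
    return ".".join(segments + [b64url_encode(signature)])


# Constructed placeholder for the server's RS256 public key. Its content is
# irrelevant to the attack: public key bytes are, by definition, known to everyone.
SERVER_RSA_PUBLIC_PEM = (b"-----BEGIN PUBLIC KEY-----\n"
                         b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA(placeholder)\n"
                         b"-----END PUBLIC KEY-----\n")


def rsa_verify(signing_input: bytes, signature: bytes, public_pem: bytes) -> bool:
    # Real RSA-SHA256 verification (e.g. via the `cryptography` package) would go here.
    # Neither forgery below reaches this branch, so the demo keeps it out of scope.
    raise NotImplementedError("RSA verification is outside this demo")


def _split(token: str) -> Tuple[dict, str, bytes, bytes]:
    """Return (header dict, payload segment, signing input, raw signature)."""
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), p, f"{h}.{p}".encode(), b64url_decode(s)


def verify_vulnerable(token: str, key_material: bytes) -> Optional[dict]:
    """Lets the token choose the algorithm: the shared root cause of all three entries."""
    header, payload_b64, signing_input, signature = _split(token)
    alg = header.get("alg")
    if alg == "none":                       # entry 1: unsigned token accepted as-is
        ok = True
    elif alg == "HS256":                    # entries 2/3: the RSA public key bytes
        expected = hmac.new(key_material, signing_input, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, signature)   # are reused as the HMAC secret
    elif alg == "RS256":
        ok = rsa_verify(signing_input, signature, key_material)
    else:
        ok = False
    return json.loads(b64url_decode(payload_b64)) if ok else None


def verify_hardened(token: str, expected_alg: str, key_material: bytes) -> Optional[dict]:
    """The server decides the algorithm; the header may only agree with it."""
    if expected_alg not in ("HS256", "RS256"):   # 'none' can never be the expectation
        raise ValueError("unsupported algorithm")
    header, payload_b64, signing_input, signature = _split(token)
    if header.get("alg") != expected_alg:        # rejects none/None/NONE and RS256->HS256 swaps
        return None
    if expected_alg == "HS256":
        expected = hmac.new(key_material, signing_input, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, signature)
    else:
        ok = rsa_verify(signing_input, signature, key_material)
    return json.loads(b64url_decode(payload_b64)) if ok else None


FORGED_CLAIMS = {"sub": "1234567890", "admin": True}   # constructed attacker payload


def forge_alg_none() -> str:
    """Entry 1: strip the signature and declare alg=none."""
    return encode_jwt({"alg": "none", "typ": "JWT"}, FORGED_CLAIMS)


def forge_hs256_with_public_key() -> str:
    """Entry 2: RS256 -> HS256 confusion, signing with the public key the server holds."""
    return encode_jwt({"alg": "HS256", "typ": "JWT"}, FORGED_CLAIMS, SERVER_RSA_PUBLIC_PEM)


if __name__ == "__main__":
    for name, tok in (("alg=none", forge_alg_none()),
                      ("RS256->HS256", forge_hs256_with_public_key())):
        print(name, "| vulnerable:", verify_vulnerable(tok, SERVER_RSA_PUBLIC_PEM),
              "| hardened:", verify_hardened(tok, "RS256", SERVER_RSA_PUBLIC_PEM))
```

The hardened verifier takes the expected algorithm as a parameter rather than reading it from the token, which is what most JWT libraries now expose as an `algorithms=[...]` allow-list; the point of the demo is that the fix for all three entries is the same server-side pinning, which is one argument for grouping them under a single JWT Misconfigurations node as proposed.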