Vulnerability in JSON Web Token Implementation Allows Session Hijacking

Vulnerability

A vulnerability exists due to improper implementation of JSON Web Tokens (JWTs), allowing an unauthenticated remote attacker to guess valid session IDs. This could lead to impersonation of users and unauthorized access to their accounts.

Impact

Exploitation of this vulnerability could result in unauthorized access to user accounts, allowing attackers to impersonate users and potentially misuse their privileges.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 5.0
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.