▲ 24 r/bugbounty
JWT Token Exposed in DOM ... Is This a Valid Vulnerability?
I found a JWT token exposed in the DOM and wanted to get your opinions on whether this is a valid security finding.
In this web app, a user must be signed in.
Once authenticated, the user can see their own JWT token in the page source/DOM, which doesn’t seem like an appropriate place for it to be stored or exposed. So user needs to be authenticated first...
My concern is that if an attacker is able to successfully execute an XSS attack, they could potentially steal this token and use it to access sensitive user information or perform actions on behalf of the user.
Do you think this is a vulnerability? If so, how would you classify its severity?
u/ps_aux128 — 3 days ago