 |
Post AxAVpHPNUYmvKx3sBc by [email protected] |
 |
More posts by [email protected] |
|
Post #AxAVR5Fb2hgqgEwsgi by [email protected] |
|
0 likes, 1 repeats |
|
|
|
Where are all these devs learning to use hardcoded JWT secrets?https://github.c… |
|
|
|
Post #AxAVUrc1gufdXZF68W by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@cR0w are they secret though? It depends on how a JWT is used that makes it &q… |
|
|
|
Post #AxAVYJOcqd6eZycPxY by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@kajer Relevant. Sorry not sorry.https://infosec.exchange/@cR0w/115027840077956… |
|
|
|
Post #AxAVpHPNUYmvKx3sBc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w in that specific case, likely the documentation mentions to change it, ri… |
|
|
|
Post #AxAVpHVl6ptNek2y8G by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@clemensprill The developers hardcoded the JWT secret directly into the source … |
|
|
|
Post #AxAW4djqkcpEw7xfGa by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w Sure but that's not the answer to whether it's clearly documented… |
|
|
|
Post #AxAW4dpsODe7EomTey by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@clemensprill Ah, I get what you're saying now. I don't know about that… |
|
|
|
Post #AxAWSMFZQLeBeC6knQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w I'm surprised it's not often given with JWTs. Is there a reason w… |
|
|
|
Post #AxAWSMMezzJo0BQPqa by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@clemensprill I'm not actually sure why, and I'm not actually sure it r… |
