Information Disclosure - JWT in Browser sessionStorage
- Risk:
Informational
- Type:
- Client Passive
- CWE:
- CWE-200
- Summary
JWT was stored in browser sessionStorage.
This is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
- Solution
Store JWTs in sessionStorage instead of localStorage so that is cleared when the page session ends.
- Other info
- The following JWT was set: Key: key Header: {'alg': 'HS256', 'typ': 'JWT'} Payload: {'sub': '1234567890', 'name': 'John Doe', 'iat': 1516239022} Signature: d35db7e39ebbf34d76df8e7aefcd35db7e39ebbf34d76df8e7aefcd35db7e39ebbf34d76df8e7aefcd35db7e39ebbf Note that this alert will only be raised once for each URL + key.
American Airlines subsidiary Envoy confirms Oracle data theft attack
Microsoft lifts more safeguard holds blocking Windows 11 updates
Europol dismantles SIM box operation renting numbers for cybercrime
Microsoft fixes Windows bug breaking localhost HTTP connections
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
CVE-2021-43226 Microsoft Windows Privilege Escalation Vulnerability
CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2013-3918 Microsoft Windows Out-of-Bounds Write Vulnerability
CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability
CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
CVE-2011-3402 Microsoft Windows Remote Code Execution Vulnerability
CVE-2023-50224 TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
CVE-2007-0671 Microsoft Office Excel Remote Code Execution Vulnerability
Free online web security scanner