V3 - Session Management
JWT token over URL (GET method)
POC
- Login to the application
- Intercept all the requests with Burp
- Observe that the JWT token is sent via URL in GET request
- Because the token is exposed in the URL, this might make it easier for an attacker to compromise the user session.
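A defender-side check for the observation above, added here as an example and not part of the original finding: it scans constructed access-log lines for JWT-shaped values in GET query strings (the sample uses the public jwt.io demo token) and shows how to redact such values so retained logs do not keep the session token.

```python
import base64
import json
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not from the original finding). The
# first line carries the public jwt.io demo token in a query parameter.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /api/profile?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c HTTP/1.1" 200 512
10.0.0.6 - - [10/Oct/2023:13:55:37 +0000] "GET /api/profile?page=2&q=a.b.c HTTP/1.1" 200 512
10.0.0.7 - - [10/Oct/2023:13:55:38 +0000] "POST /api/login HTTP/1.1" 200 128
"""

REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
JWT_SHAPE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")


def looks_like_jwt(value: str) -> bool:
    """True if value is three base64url segments whose first segment decodes to a JSON header with "alg"."""
    if not JWT_SHAPE.match(value):
        return False
    header_b64 = value.split(".")[0]
    padded = header_b64 + "=" * (-len(header_b64) % 4)  # restore stripped base64url padding
    try:
        header = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, UnicodeDecodeError):
        return False
    return isinstance(header, dict) and "alg" in header


def find_jwt_in_query(log_text: str) -> list:
    """Return (method, path, parameter) for every request whose query string carries a JWT."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if looks_like_jwt(value):
                hits.append((m.group("method"), parts.path, name))
    return hits


def redact_jwt_query(target: str) -> str:
    """Replace JWT values in a request target's query string with a marker so logs can be kept safely."""
    parts = urlsplit(target)
    kept = [f"{n}={'[REDACTED-JWT]' if looks_like_jwt(v) else v}"
            for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts.path + ("?" + "&".join(kept) if kept else "")
```

Running find_jwt_in_query over real access logs gives a quick inventory of endpoints that accept the token in the URL; the fix on the application side is to move the token to the Authorization header or a cookie.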
Impact
Low
Likelihood
Low