I am facing this JWT token validation issue in one of my projects.
When I create a JWT token and then use the same token in another request and validate it, it works fine. But if I change the last character of the token and then check it, it works fine even then. So it passes the validation even then.
The token shouldn't be validated when the last character is changed, should it?
The client of my project did a penetration test and found this issue as a vulnerability.
Please check the below added images.
If you check the images, you should be able to see that I changed "0" to "3" and the validation still worked for the token.
Can you please advise on this ASAP? Kindly help me with this issue.
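One cause that matches this symptom exactly, shown here as an added example and not as code from the original post: a base64url decoder that silently discards the unused low bits of the final character. An HS256 signature is 32 bytes (256 bits), so the 43rd base64url character carries only 4 significant bits, and "0" (index 52, 110100) and "3" (index 55, 110111) differ only in the two bits the decoder throws away. The key, header and claims below are constructed for the demonstration; the fix is to require the canonical encoding before comparing signatures.

```python
import base64
import hashlib
import hmac
import json

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode_lenient(s: str) -> bytes:
    # Python's decoder ignores non-zero unused bits in the last character,
    # so several distinct strings decode to the same signature bytes.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_decode_strict(s: str) -> bytes:
    # Accept only the one canonical encoding of the decoded bytes.
    raw = b64url_decode_lenient(s)
    if b64url_encode(raw) != s:
        raise ValueError("non-canonical base64url signature")
    return raw


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(payload)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes, strict: bool) -> bool:
    # strict=False reproduces the reported behaviour; strict=True rejects the altered token.
    try:
        h, p, s = token.split(".")
        sig = (b64url_decode_strict if strict else b64url_decode_lenient)(s)
    except ValueError:
        return False
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


def flip_unused_bit(token: str) -> str:
    # Replace the final character with the one whose index differs only in its
    # lowest bit; for a 32-byte signature that bit is never part of the output.
    return token[:-1] + ALPHABET[ALPHABET.index(token[-1]) ^ 1]


KEY = b"constructed-demo-key"  # constructed; never reuse a demo key
TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, KEY)
```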