Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT not terminated after logout lead to sensitive data exposure #2167

Open
karuneshsf opened this issue Sep 27, 2024 · 0 comments
Open

JWT not terminated after logout lead to sensitive data exposure #2167

karuneshsf opened this issue Sep 27, 2024 · 0 comments
Assignees
@karuneshsf

Comments

@karuneshsf
Copy link
Contributor

Describe the bug
JWT not terminated after logout led to sensitive data exposure

To Reproduce
If the JWT token does not expire after the user logs out, it can lead to full account compromise once an attacker grasps the victim’s token since the token can be fetched from the browser history and logs.

Expected behavior
JWT should be terminated after logout

Screenshots
N/A
Additional context
N/A
karuneshsf pushed a commit that referenced this issue Oct 9, 2024
fix(authentication-service): terminate JWT token
33b0b53 
JWT not terminated after logout lead to sensitive data exposure | terminate JWT token after logout

GH-2167
karuneshsf pushed a commit that referenced this issue Oct 9, 2024
fix(authentication-service): terminate JWT token
565c449 
JWT not terminated after logout lead to sensitive data exposure | terminate JWT token after logout

GH-2167
@karuneshsf karuneshsf mentioned this issue Nov 14, 2024
Open
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@karuneshsf karuneshsf

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@karuneshsf