Summary
Acunetix 360 detected that the application signs its JSON Web Tokens (JWTs) with a trivial secret.
Impact
An attacker who recovers the signing secret by brute force can forge tokens with arbitrary payload values. With a forged token the attacker can escalate privileges, impersonate other users, or trigger unintended application states that the tamper-proof token was meant to prevent.
Remediation
It is mandatory to sign JWTs with a strong secret to avoid this vulnerability.
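The following Python is an added example, not part of the Acunetix advisory, showing one way to implement the remediation with only the standard library: generate a random HS256 secret of at least 32 bytes (the minimum RFC 7518 section 3.2 requires for HS256), refuse to sign with anything shorter, and verify tokens with the algorithm pinned and a constant-time comparison. The function names, the `MIN_HS256_SECRET_BYTES` constant and the sample payload are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# RFC 7518 section 3.2: an HS256 key MUST be at least as long as the hash
# output, i.e. 256 bits / 32 bytes. Short or dictionary-word secrets are
# exactly the "trivial secret" condition this finding describes.
MIN_HS256_SECRET_BYTES = 32  # assumed policy constant for this example


def generate_secret() -> bytes:
    """Return a fresh, cryptographically random secret for HS256 signing."""
    return secrets.token_bytes(MIN_HS256_SECRET_BYTES)


def check_secret_strength(secret: bytes) -> bool:
    """Reject secrets too short to meet the RFC 7518 minimum for HS256."""
    return len(secret) >= MIN_HS256_SECRET_BYTES


def _b64url(data: bytes) -> str:
    # JWT uses unpadded base64url (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build a compact JWT signed with HS256; refuses weak secrets."""
    if not check_secret_strength(secret):
        raise ValueError("HS256 secret must be at least 32 random bytes")
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_hs256(token: str, secret: bytes):
    """Return the payload if the signature is valid, otherwise None.

    The algorithm is pinned to HS256 so a client-supplied header cannot
    select a different one, and the MAC check is constant-time.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except ValueError:
        return None
    if header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return json.loads(_b64url_decode(payload_b64))


if __name__ == "__main__":
    # Constructed sample run: a trivial secret is refused before use.
    print(check_secret_strength(b"secret"))  # False
    key = generate_secret()
    token = sign_hs256({"sub": "alice", "role": "user"}, key)
    print(verify_hs256(token, key))
    # Changing the payload without the key invalidates the signature.
    h, p, s = token.split(".")
    tampered = ".".join([h, _b64url(b'{"sub":"alice","role":"admin"}'), s])
    print(verify_hs256(tampered, key))  # None
```

The strength check only enforces length; it does not stop an operator from pasting a 32-byte secret that is itself predictable, so the secret should always come from `generate_secret()` (or an equivalent CSPRNG source) and be stored in a secrets manager rather than in source control.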