An attacker can remove or forge the signature of a JWT to impersonate another user.
OAuth 2.0 Attacks & Defenses (AttsDefs, section )
This threat is considered fully mitigated if all the test cases from the following test set succeed.
Back to the threat overview