An attacker can remove or forge the signature of a JWT to impersonate another user.
OAuth2 Attacks & Defenses (AttsDefs, section )
This threat is considered fully mitigated if all the test cases from the following test set succeed.
The impact factor is a measure that indicates how important a given countermeasure is towards mitigating a threat.
Back to the threat overview