Mazharul Islam

icon indicating a website link https://islamazhar.github.io/ icon indicating an email [email protected]

icon company University of Wisconsin-Madison icon location Madison Wisconsin icon location Ph.D. Candidate || Security Privacy Researcher/Engineer

Results 2 issues of Mazharul Islam

Security issue: `state` parameter missing in redirect URL

Hi, I am a bit concern while using the projects's code for my own microservice because I noticed that the `state` parameter in **redirect URL** is missing. RFC 6749 strongly...

changing JWT secret key to random string

Setting the JWT signing key to `small-sized` `easily guessable` weak string like **""mrin""** can make it vulnerable to offline brute-force attack using cracking tools like [JohnTheRipper](https://github.com/magnumripper/JohnTheRipper), [hashcat](https://github.com/hashcat/hashcat), [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) [1] Therefore,...