Richie sushiwushi

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                sushiwushi
                / keybase.md
            
            
              Created
              May 19, 2021 03:04
            
          
    Keybase proof

I hereby claim:

I am sushiwushi on github.
I am sushiwushi2 (https://keybase.io/sushiwushi2) on keybase.
I have a public key ASAq4-pYyqoXzprChLh02X99R9_PmrG84XzkcSW8pFtHFwo

To claim this, I am signing this object:

  
## jwt.txt
1. Leaked JWT secret keys through JavaScript files
Zendesk is a support system used by many websites, some of them enabled JWT for single sign-on authentication https://support.zendesk.com/hc/en-us/articles/203663816-Enabling-JWT-JSON-Web-Token-single-sign-on

There maybe a possibility that the JWT secret token is leaked in JavaScript files, as shown in the report below
https://hackerone.com/reports/638635

To search for it, grep (Ctrl + F) for "jwt" in website's Zendesk JavaScript files

References
https://jwt.io
	1. Leaked JWT secret keys through JavaScript files
	Zendesk is a support system used by many websites, some of them enabled JWT for single sign-on authentication https://support.zendesk.com/hc/en-us/articles/203663816-Enabling-JWT-JSON-Web-Token-single-sign-on

	There maybe a possibility that the JWT secret token is leaked in JavaScript files, as shown in the report below
	https://hackerone.com/reports/638635

	To search for it, grep (Ctrl + F) for "jwt" in website's Zendesk JavaScript files

	References
	https://jwt.io