Dbg JWT

Identity/VLAIdentity.cs

@@ -54,9 +54,11 @@ Vérifie la validité du token JWT passé en paramètre
             var TokenHandler = new JwtSecurityTokenHandler();
             var Key = Encoding.ASCII.GetBytes(Secret);
             bool Result = true;
+            Token = Token.Substring("Bearer ".Length);
+
             try
             {
-                var JwtSecurityToken = TokenHandler.ReadJwtToken(Token.Substring("Bearer ".Length));
+                var JwtSecurityToken = TokenHandler.ReadJwtToken(Token);
                 if (JwtSecurityToken.Header.Alg == "HS256" && JwtSecurityToken.Header.Typ == "JWT")
                 {
                     TokenHandler.ValidateToken(Token, new TokenValidationParameters
@@ -65,12 +67,13 @@ Vérifie la validité du token JWT passé en paramètre
                         IssuerSigningKey = new SymmetricSecurityKey(Key),
                         ValidateIssuer = false,
                         ValidateAudience = false,
+                        ValidateLifetime = true,
                     }, out SecurityToken validatedToken);
 
                     var JwtToken = (JwtSecurityToken)validatedToken;
                 }
             }
-            catch { Result = false; }
+            catch(Exception e) { Result = false; }
 
             return Result;
         }

README.md

@@ -43,7 +43,6 @@
 | CWE-829 | Local File Inclusion | Easy | 500-2.000$|
 | CWE-918 | Server-Side Request Forgery (SSRF) | Medium | 1.000$-10.000$|
 | CWE-1270 | Generation of Incorrect Security Tokens | Medium | 1.000-20.000$ |
-| CWE-1395 | Dependency on Vulnerable Third-Party Component | Easy | 0-500$ |
 
 
 ## 🏭 Context