Authorization Bypass :: GraphQL JWT Token Forge
Problem Statement
Without logging in a user is able to forge the user identity claim within the JWT token for the me
query operation.
Exploitation Solution
query {
me(token: "FORGED_TOKEN") {
id
username
password
}
}