Attacks

  • Modifying JWTs to bypass authentication or impersonate users.

  • Vulnerabilities arise due to implementation flaws (e.g. the JWT signature isn't verified properly) and/or leaking the secret key.
