The API interface design of a well-known AI service provider seems to have some issues. Currently, it still uses a simple string format, which carries significant risks—by simply decoding the JWT, users' sensitive private information can be directly exposed. This legacy problem from early design clearly has security flaws. For services that handle user data, such potential risks should be addressed as soon as possible; privacy data should not be left exposed in the open.
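An added illustration of the point in the post above, not code from the post or from any provider: the payload of a signed JWT (JWS) is only base64url-encoded, so a service can audit the tokens it issues for personal data without holding any key. The claim list, function names and sample token below are constructed assumptions.

```python
import base64
import json

# Assumed set of claim names treated as personal data; adapt to your own schema.
SENSITIVE_CLAIMS = {"email", "phone_number", "address", "birthdate", "name"}

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _walk(obj, prefix=""):
    # Yield dotted paths of sensitive claim names, including nested objects.
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key.lower() in SENSITIVE_CLAIMS:
                yield prefix + key
            yield from _walk(value, prefix + key + ".")
    elif isinstance(obj, list):
        for item in obj:
            yield from _walk(item, prefix)

def audit_token(token: str) -> dict:
    parts = token.split(".")
    if len(parts) == 5:
        # JWE compact form: the payload is ciphertext, nothing readable without the key.
        return {"format": "JWE", "readable": False, "findings": []}
    if len(parts) != 3:
        raise ValueError("not a compact JWS or JWE token")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))  # no key needed: signed, not encrypted
    return {"format": "JWS", "alg": header.get("alg"), "readable": True,
            "findings": sorted(_walk(claims))}

def sample_token() -> str:
    # Constructed sample; the signature is a dummy because the audit never verifies it.
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": "user-123", "email": "alice@example.test",
              "profile": {"phone_number": "+10000000000", "plan": "free"}}
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(json.dumps(claims).encode()),
                     b64url_encode(b"constructed-signature")])

if __name__ == "__main__":
    print(audit_token(sample_token()))
```

Any finding means the value is readable by whoever holds the token; the usual remedies are an opaque identifier in the claim with the data kept server-side, or a JWE where the claims must travel in the token.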
JWT in the raw era, big companies' moves are truly exceptional.
Has it not been fixed all these years? Feels a bit risky.
So private data is just lying there like this, outrageous.
Someone should have exposed this issue long ago, it's indeed time to take action.
But on the other hand, there are probably quite a few such legacy bugs.
It's outrageous, user data is exposed like this, no wonder there are always issues.
This is more disgusting than any vulnerability, the basic design is broken.
---
It's the same old design flaw. When will it ever be fixed?
---
Isn't this just putting private information out on the street? No security measures at all.
---
Big companies' operations are top-notch, treating privacy security as just decoration.
---
How many years have I been saying this? When will they finally get serious?
---
JWT isn't even encrypted. How careless can developers be?
---
Legacy issues from early stages, only fixed after things blow up. Unbelievable.
---
Stacking sensitive data like this, how can it be called a reputable big company?
---
This bug has probably existed for a long time. Why are they only mentioning it now?
---
Exposing private information like this is really excessive. Fix it quickly.
---
It should have been fixed long ago. If this continues, something's bound to happen.
---
Wait, such a large platform is still using this outdated design? No way.
---
Sensitive data just exposed openly, feels like walking around naked...
---
Why is no one paying attention to this? It's too sloppy.
---
Forget it, I'm already disappointed with big companies. It's all like this.
---
Wow, they even have this kind of operation? What is the security team doing?
---
JWT not encrypted? Who came up with this?
---
Honestly, if the public discovers such a vulnerability, it would be a social death sentence.
---
Storing sensitive information like this is really unacceptable; it must be rectified.