# JWT Signed with Weak Secret

- ID: python-jwt-weak-secret
- Severity: HIGH
- CWE: CWE-326
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects JWT tokens signed with weak, hardcoded, or default secret keys that can be brute-forced.

## Remediation

Use a strong secret loaded from an environment variable for JWT signing, never a hardcoded or default value.

```python
import os
import jwt  # PyJWT

# Read the signing key from the environment. A missing variable raises KeyError,
# so the application fails closed instead of falling back to a default secret.
SECRET_KEY = os.environ['JWT_SECRET_KEY']
token = jwt.encode(payload, SECRET_KEY, algorithm='HS256')
```

Learn more: https://shoulder.dev/learn/python/cwe-326/jwt-weak-secret

## Related Rules

- **Weak Cryptographic Key Generation** [HIGH]:
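The remediation above shows where the secret should come from; the following added example (not part of this rule page or of the shoulder.dev project) shows what "strong" means in practice and how to enforce it at startup. It implements HS256 signing and verification with the standard library only, so it runs without PyJWT installed, and adds a small `assess_secret` check that rejects placeholder values and secrets shorter than the 32 bytes that RFC 7518 requires for HS256. The environment variable name `JWT_SECRET_KEY`, the `WEAK_DEFAULTS` list and the diversity threshold are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
from typing import Optional

# HS256 keys must be at least as long as the HMAC-SHA256 output (RFC 7518 §3.2).
MIN_SECRET_BYTES = 32

# Constructed list of placeholder values commonly seen in samples and templates
# (assumption: extend it with whatever your own scanner flags).
WEAK_DEFAULTS = {"secret", "password", "changeme", "jwt_secret", "secretkey",
                 "your-256-bit-secret"}


def assess_secret(secret: str) -> list:
    """Return a list of problems with a candidate HS256 secret (empty = acceptable)."""
    problems = []
    if secret.lower() in WEAK_DEFAULTS:
        problems.append("default/placeholder value")
    if len(secret.encode("utf-8")) < MIN_SECRET_BYTES:
        problems.append(f"shorter than {MIN_SECRET_BYTES} bytes")
    if len(set(secret)) < 8:  # assumption: crude guard against "aaaa..." style padding
        problems.append("low character diversity")
    return problems


def load_jwt_secret(env=os.environ, name: str = "JWT_SECRET_KEY") -> str:
    """Load the signing secret from the environment and refuse to start on a weak one."""
    secret = env.get(name)
    if not secret:
        raise RuntimeError(f"{name} is not set; refusing to fall back to a default secret")
    problems = assess_secret(secret)
    if problems:
        raise ValueError(f"{name} is weak: " + ", ".join(problems))
    return secret


def generate_secret() -> str:
    """Produce a fresh secret suitable for JWT_SECRET_KEY (48 random bytes, base64url)."""
    return secrets.token_urlsafe(48)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256_encode(payload: dict, secret: str) -> str:
    """Create a compact JWS (JWT) signed with HMAC-SHA256 over header.payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":"), sort_keys=True).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    )
    sig = hmac.new(secret.encode("utf-8"), signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def hs256_verify(token: str, secret: str) -> Optional[dict]:
    """Return the payload if the token is a valid HS256 JWT under `secret`, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, json.JSONDecodeError):
        return None
    # Pin the algorithm: never trust the token's own "alg" to pick a verifier.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret.encode("utf-8"),
                        f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return json.loads(_b64url_decode(payload_b64))


if __name__ == "__main__":
    # Constructed environment: a generated secret passes, a placeholder does not.
    strong = generate_secret()
    key = load_jwt_secret({"JWT_SECRET_KEY": strong})
    tok = hs256_encode({"sub": "alice", "role": "user"}, key)
    print("verified payload:", hs256_verify(tok, key))
    print("problems with 'secret':", assess_secret("secret"))
```

Calling `load_jwt_secret()` once at application startup turns a weak or missing `JWT_SECRET_KEY` into a deployment failure that shows up in CI or on the first boot, rather than a silently brute-forceable token signer in production; the pinned `alg` check in `hs256_verify` is the same defence PyJWT applies when you pass `algorithms=['HS256']` to `jwt.decode`.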