Weak Secret is Used to Sign JWT
Description
A JSON Web Token (JWT) can be digitally signed to protect against data tampering. For this purpose the web application uses the HMAC algorithm with a secret key. It is essential that an attacker does not know the value of this secret key, because anyone who knows it can sign forged tokens that the application will accept. Your application is using a weak or known secret key, and Invicti managed to guess it.
Remediation
Change the value of the secret to a long random string.
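The remediation as an added example (not Invicti's code and not part of the original advisory): generate the HMAC key from the OS CSPRNG and refuse to sign when the configured key is short or well known. The function names, the deny-list and the 32-byte minimum (RFC 7518, section 3.2, for HS256) are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed deny-list of placeholder-style values; extend it with your own.
KNOWN_WEAK = {"secret", "changeme", "password", "your-256-bit-secret"}
MIN_BYTES = 32  # RFC 7518 s3.2: an HS256 key must be at least 256 bits

def new_secret():
    """Return 32 bytes from the OS CSPRNG for use as an HS256 key."""
    return secrets.token_bytes(MIN_BYTES)

def audit_secret(key):
    """Return a list of reasons the key is unsuitable (empty list = OK)."""
    problems = []
    if len(key) < MIN_BYTES:
        problems.append("shorter than 32 bytes")
    if key.decode("utf-8", "ignore").strip().lower() in KNOWN_WEAK:
        problems.append("well-known value")
    if len(set(key)) < 8:
        problems.append("too few distinct bytes")
    return problems

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def sign_hs256(claims, key):
    """Sign claims as a compact HS256 JWT; refuse to run with a weak key."""
    problems = audit_secret(key)
    if problems:
        raise ValueError("weak JWT secret: " + ", ".join(problems))
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, header + b"." + body, hashlib.sha256).digest()
    return (header + b"." + body + b"." + _b64url(mac)).decode()

def verify_hs256(token, key):
    """Return the claims if the HS256 tag is valid, otherwise None."""
    try:
        header, body, tag = token.encode().split(b".")
    except ValueError:
        return None
    expected = _b64url(hmac.new(key, header + b"." + body, hashlib.sha256).digest())
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
```

Calling `audit_secret` on the configured key at application start-up turns a weak secret into a deployment failure instead of a scanner finding.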