secDevLabs
[A1] Broken Access Control - Vulnerable Ecommerce API
This solution refers to which of the apps?
[A1] Broken Access Control - Vulnerable Ecommerce API
What did you do to mitigate the vulnerability?
A JWT implementation was created to ensure that the ticket returned is from the correct user.
Did you test your changes? What commands did you run?
I tested the attack narrative and could not reproduce the same results.
PS
Token signature was not verified. It was made that way to test other possibilities on the attack vector.
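The mitigation described above (a JWT check that the ticket being returned belongs to the requesting user) together with the postscript's caveat (the signature is not verified), shown as an added example that is not secDevLabs' own code. It assumes HS256 tokens, a `sub` claim carrying the user id, a server-side secret, and a `ticketOwner` value already loaded from the ticket store; the token values, secret and user ids are constructed for the demonstration. `parseUnverified` is the unverified variant the postscript describes, and `authorizeTicket` is the hardened check that verifies the signature before comparing the subject to the ticket owner.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// claims holds the one claim this example relies on. The "sub" claim carrying
// the owning user's id is an assumption, not something taken from the project.
type claims struct {
	Sub string `json:"sub"`
}

var (
	errMalformed    = errors.New("jwt: malformed token")
	errBadSignature = errors.New("jwt: signature verification failed")
	errNotOwner     = errors.New("ticket does not belong to the authenticated user")
)

// signHS256 builds a compact HS256 JWT for the given subject. It exists only so
// the example can construct sample tokens offline.
func signHS256(sub string, secret []byte) string {
	enc := base64.RawURLEncoding
	header := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(claims{Sub: sub})
	signingInput := header + "." + enc.EncodeToString(body)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return signingInput + "." + enc.EncodeToString(mac.Sum(nil))
}

// parseUnverified decodes the claims WITHOUT checking the signature. This is the
// state the postscript describes: the subject is read straight from the payload,
// so an ownership check built on it trusts whatever the client sent.
func parseUnverified(token string) (claims, error) {
	var c claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errMalformed
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, errMalformed
	}
	if err := json.Unmarshal(raw, &c); err != nil {
		return c, errMalformed
	}
	return c, nil
}

// parseVerified recomputes the HS256 MAC over header.payload and compares it in
// constant time before any claim is trusted. The algorithm is fixed to HS256
// here; the header's "alg" field is deliberately not consulted.
func parseVerified(token string, secret []byte) (claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return claims{}, errMalformed
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return claims{}, errMalformed
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return claims{}, errBadSignature
	}
	return parseUnverified(token)
}

// authorizeTicket is the access-control check: a ticket may be returned only when
// the token's signature is valid and its subject is the ticket's owner.
func authorizeTicket(token string, ticketOwner string, secret []byte) error {
	c, err := parseVerified(token, secret)
	if err != nil {
		return err
	}
	if c.Sub != ticketOwner {
		return errNotOwner
	}
	return nil
}

func main() {
	secret := []byte("server-side-secret-for-demo") // constructed sample secret
	good := signHS256("user-1", secret)
	wrongKey := signHS256("user-1", []byte("some-other-secret")) // constructed: signed with the wrong key

	fmt.Println(authorizeTicket(good, "user-1", secret))     // <nil>: owner reads own ticket
	fmt.Println(authorizeTicket(good, "user-2", secret))     // ownership check fails
	fmt.Println(authorizeTicket(wrongKey, "user-1", secret)) // signature check fails
	c, _ := parseUnverified(wrongKey)
	fmt.Println(c.Sub) // "user-1": the unverified parse accepts the badly signed token
}
```

The last two lines of `main` are the point of the postscript: with the signature unchecked, the subject read from the token is just client input, so the ownership comparison in `authorizeTicket` only means something once `parseVerified` is in front of it.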