OWASP
diff --git a/‎2019/en/dist/owasp-api-security-top-10.odt
29 Bytes b/‎2019/en/dist/owasp-api-security-top-10.odt
29 Bytes
diff --git a/‎2019/en/dist/owasp-api-security-top-10.pdf
58 Bytes b/‎2019/en/dist/owasp-api-security-top-10.pdf
58 Bytes
diff --git a/‎2019/en/src/0xa2-broken-user-authentication.md
Lines changed: 1 addition & 0 deletions b/‎2019/en/src/0xa2-broken-user-authentication.md
Lines changed: 1 addition & 0 deletions
@@ -24,6 +24,7 @@ An API is vulnerable if it:
 * Accepts unsigned / weakly signed JWT tokens (`"alg":"none"`) / doesn’t
   validate their expiration date.
 * Uses plain text, encrypted, or weakly hashed passwords.
+* Uses weak encryption keys.
 
 ## Example Attack Scenarios