JWT misconfiguration leads to zero-click account takeover and PII exposure

Recently I came across a relatively lesser known bug bounty platform and decided to hunt on it. While testing the program, I discovered that its JWT-based authentication could be manipulated to gain u