We've just noticed that when we sign a JWT with the HS512 signature algorithm we can replace the last character and still have the token's signature verified. The pattern is that if, let's say, the signature ends with an 'A', all tokens ending with 'B' to 'O' (the following 15 characters in alphabetical order) will also pass when checking the signature. The problem also arises when we sign the tokens with the HS256 algorithm, but not when signing with HS384.
I've only been able to put some investigation into the issue, but to me it seems like the Base64 encoding is a possible cause of the problem.
I have written some tests to illustrate the issue, see the attached file.
//Jonas @bringfeldt