Cchen113

**Name of the Vulnerable Software and Affected Versions** Trustee versions 0.8.0 through 0.8.1 **Description** The issue concerns the Attestation Results Token (ART) token, which can be manipulated by a Man-In-The-Middle (MITM) attacker. The `jwk` in the ART token payload can be replaced with the attacker's own public key, allowing the attacker to sign the crafted ART token with their corresponding private key. This replacement and modification cannot be detected based on the current code implementation. **Recommendations** For Trustee versions 0.8.0 through 0.8.1, upgrade to version 0.8.2 to address the issue. At the moment, there is no information about other workarounds for this issue.