Pattern
TLS/Auth Misassumptions
auth-verification-misassumptions
Clients over-trust cryptographic primitives (TLS, JWKS, HMAC, cert signatures) while misconfiguring verification paths, failing to validate required claims (SAN/nonce/state), or assuming key/certificate integrity guarantees that attackers can bypass or obscure.