The vulnerability description explicitly states that failed signature validation leaks the expected signature in error messages. This indicates the signature validation function constructs error messages containing sensitive cryptographic material. The most logical location for this would be in the JWT signature validation method (likely named ValidateSignature) within the JWT validation component (JwtValidator class in a .NET implementation). The high confidence comes from the direct match between described vulnerability behavior and standard JWT validation implementation patterns in .NET/WCF services.