The Guide to JWT Vulnerabilities and Attacks (With Exploitation Examples)
- #Authentication
- #JWT
- #Security
- JWTs are used for authentication, authorization, and secure information exchange in web applications.
- A JWT consists of three parts: HEADER.PAYLOAD.SIGNATURE, each Base64URL-encoded.
- Common JWT vulnerabilities include failing to verify signatures, accepting 'none' algorithm, weak HMAC secrets, and algorithm confusion.
- Key ID (kid) injection can manipulate which key the server selects for verification, allowing the signature check to be subverted.
- Embedding attacker-controlled keys via jwk, jku, or x5u headers can bypass signature verification when the server trusts those headers for key lookup.
- The 'Psychic Signature' vulnerability (CVE-2022-21449) in Java allows bypassing ECDSA signature verification.
- Best practices include strict algorithm enforcement, secure key management, and validating all JWT headers.
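As an added example (not code from the original article), here is a minimal HS256 verifier in two forms: one that trusts the token's own `alg` header, so an unsigned `alg=none` token is accepted, and one that enforces a server-side algorithm allowlist as the best practices above recommend. The secret, payloads and tokens are constructed for the demo; only the Python standard library is used.

```python
import base64, hashlib, hmac, json

def b64url_decode(s: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    # Builds HEADER.PAYLOAD.SIGNATURE; with alg=none the signature part is empty
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_naive(token: str, secret: bytes):
    """Vulnerable: lets the token's author choose the algorithm, including 'none'."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") == "none":          # the bug: unsigned tokens are trusted
        return json.loads(b64url_decode(p))
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if hmac.compare_digest(expected, b64url_decode(s)):
        return json.loads(b64url_decode(p))
    return None

def verify_strict(token: str, secret: bytes, allowed_algs=("HS256",)):
    """Hardened: the server, not the token, decides which algorithms are acceptable."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") not in allowed_algs:  # rejects 'none' and any unexpected alg
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):  # constant-time compare
        return None
    return json.loads(b64url_decode(p))

SECRET = b"constructed-demo-secret"               # constructed, not a real key
# An unsigned token with an elevated claim, as seen in a 'none' attack
UNSIGNED = make_token({"sub": "alice", "role": "admin"}, b"", alg="none")
```

`verify_naive(UNSIGNED, SECRET)` returns the forged claims, while `verify_strict(UNSIGNED, SECRET)` returns `None`; a properly signed HS256 token passes the strict verifier only with the correct secret.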