https://www.exploresecurity.com IT security tools, techniques and commentary Wed, 15 Jun 2022 09:21:02 +0000 en-US hourly 1 http://wordpress.org/?v=3.6.1 https://www.exploresecurity.com/jwt-attack-walk-through/ https://www.exploresecurity.com/jwt-attack-walk-through/#comments Fri, 25 Jan 2019 10:13:31 +0000 Jerome http://www.exploresecurity.com/?p=455 Over on the NCC Group website I published a solution to an open demonstration of the well-known JSON Web Token (JWT) algorithm confusion vulnerability (the one where you swap the token algorithm from ‘RS’ to ‘HS’ and sign your payload with the public key). I use OpenSSL to gain full visibility of what’s happening and, by walking through the method, if you ever need to test this vulnerability yourself, it will hopefully help to avoid false negatives.

]]> https://www.exploresecurity.com/jwt-attack-walk-through/feed/ 0