Kawee Lokuge
Dec 16, 2020

The most common JWT vulnerabilities are:

- Algorithm manipulation

- Lack of signature validation

- Bruteforcing weak secret keys

- Secret keys leaking through another attack (like directory traversal, XXE, or SSRF)

- Key ID (KID) manipulation

- JKU/JWK/x5u/x5c headers used to send rogue keys (the server fetches or embeds whatever key the attacker points it at)

- Information leaks in JWT claims when developers forget that base64 encoding is not encryption
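To make the first three items concrete, here is an added example (not code from the original post) that implements HS256 JWT signing and verification with only the Python standard library. The secret `SECRET`, the wordlist `WORDLIST` and the claims are constructed for this example. `verify_vulnerable` trusts the `alg` header, so an attacker can set `alg` to `none` and drop the signature; `verify_hardened` pins the algorithm server-side and compares signatures in constant time. `bruteforce_secret` shows why a weak HS256 secret is an offline dictionary attack, and `forge_alg_none` reads the claims without any key, which is the "base64 is not encryption" point.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed for this example: a deliberately weak secret and a tiny wordlist,
# so the dictionary attack below finishes instantly.
SECRET = b"secret123"
WORDLIST = [b"password", b"123456", b"secret", b"secret123", b"letmein"]


def b64url_encode(data: bytes) -> str:
    """JWT uses unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _json_b64(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Issuer side: header.payload.HMAC-SHA256(header.payload)."""
    signing_input = _json_b64(header) + "." + _json_b64(payload)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_vulnerable(token: str, key: bytes) -> Optional[dict]:
    """Vulnerable: lets the token's own 'alg' header decide whether to check the signature."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") == "none":          # attacker-controlled: signature skipped
        return json.loads(b64url_decode(p))
    expected = hmac.new(key, (h + "." + p).encode(), hashlib.sha256).digest()
    if b64url_decode(s) == expected:         # also a non-constant-time compare
        return json.loads(b64url_decode(p))
    return None


def verify_hardened(token: str, key: bytes, expected_alg: str = "HS256") -> Optional[dict]:
    """Hardened: the server pins the algorithm and always validates the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(b64url_decode(h))
    except ValueError:                        # covers bad base64 and bad JSON
        return None
    if header.get("alg") != expected_alg:     # rejects "none" and any algorithm swap
        return None
    expected = hmac.new(key, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(s), expected):
        return None
    return json.loads(b64url_decode(p))


def forge_alg_none(token: str, new_claims: dict) -> str:
    """Attacker: read the claims with no key, rewrite them, set alg=none, drop the signature."""
    _, p, _ = token.split(".")
    claims = json.loads(b64url_decode(p))     # base64url, not encryption: readable by anyone
    claims.update(new_claims)
    return _json_b64({"alg": "none", "typ": "JWT"}) + "." + _json_b64(claims) + "."


def bruteforce_secret(token: str, wordlist) -> Optional[bytes]:
    """Attacker: offline dictionary attack against an HS256 signature."""
    h, p, s = token.split(".")
    target = b64url_decode(s)
    data = (h + "." + p).encode()
    for candidate in wordlist:
        if hmac.compare_digest(hmac.new(candidate, data, hashlib.sha256).digest(), target):
            return candidate
    return None


if __name__ == "__main__":
    token = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "admin": False}, SECRET)
    forged = forge_alg_none(token, {"admin": True})
    print("vulnerable verifier accepts forged token:", verify_vulnerable(forged, SECRET))
    print("hardened verifier rejects forged token:", verify_hardened(forged, SECRET))
    print("recovered weak secret:", bruteforce_secret(token, WORDLIST))
```

The fix is not "check for `none`": it is to decide the algorithm and key on the server and ignore what the token claims about itself, and to use a secret long enough that a wordlist or hashcat run cannot recover it.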

Read more on: https://apisecurity.io/issue-56-common-jwt-attacks-owasp-api-security-top-10-cheatsheet/
