JWT (Json Web Token) Attacks

JWT (Json Web Token) is an open standard for securely transmitting information between parties as a JSON object. It consists of a header, payload, and signature separated by periods. The payload contains user data and the signature is used to validate requests. JWTs are not encrypted, so the payload can be read if the token is intercepted. Common attacks against JWTs include modifying the algorithm to bypass signature validation, changing data in the unencrypted payload, exploiting parameters like KID, and information leakage from readable payloads. Successful attacks can lead to sensitive information disclosure, account takeover, and accessing server files or databases.

Uploaded by lachefboy77

JWT (Json Web Token) Attacks
What is JWT (JSON Web Token)

JSON Web Token (JWT) is an open standard (RFC 7519) for securely
transmitting information between parties as a JSON object. It is compact,
readable and digitally signed by the Identity Provider (IdP), using either a
private key or a public/private key pair, so the integrity and authenticity
of the token can be verified by the other parties involved. The purpose of
using JWT is not to hide data but to ensure the authenticity of the data: a
JWT is signed and encoded, not encrypted. JWT is a token-based, stateless
authentication mechanism. Since the session is held on the client side, the
server does not have to rely completely on a datastore (database) to save
session information.

Structure of JWT

A JSON Web Token consists of three parts separated by a period:

- Header
- Payload
- Signature

Headers

The header is the first part of a JWT. It names the algorithm used to sign
the JWT and the type of the token, which is JWT by default.

Payload

The payload is the middle part of a JSON Web Token and carries the user
data that is passed between client and server.

Signature

The signature is the third part of the JWT. It is created by the server and
is used to validate the requests made by the user. To create the signature,
the base64-encoded header and payload are taken together with a secret key
and signed with the algorithm specified in the header.

The entire JWT is a single string in which these three parts are separated
by dots (.).
What is JWT token hacking

- Information leakage

Since JSON Web Tokens are used for access control, they often contain
information about the user.

If the token is not encrypted, anyone can base64-decode the token and read
its payload. So, if the token contains sensitive information, it can become
a source of information leaks.

A properly implemented signature section of a JSON Web Token provides data
integrity, not confidentiality.

- None algorithm attack

JWT supports a "none" algorithm. If the alg field is set to "none", any
token is considered valid as long as its signature section is empty.

To check for this, re-encode the token with the algorithm changed from
HS256 to none, leave the signature empty, and pass it on.
- KID parameter attack

kid is a header parameter seen in JWTs. If it is not properly validated it
leads to attacks such as command injection, LFI and SQLi. Since the kid is
often used to retrieve a key file from the file system, if it is not
sanitized before use it can lead to a directory traversal attack.
- Changing the algorithm from "RS256" to "HS256"

The HMAC algorithm uses a single key for both signing and verification.
This change therefore moves the workflow from asymmetric (public/private
key) signing to symmetric signing, and allows the same public key to be
used as the secret for signing new tokens.
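As an added example that is not part of the original document: a minimal, dependency-free Python JWT encoder and a hardened verifier covering the points above. It shows that the payload is readable without any key (information leakage), and that pinning the algorithm to the one registered for the key, rejecting empty signatures, and looking kid up in an allowlist instead of using it as a file path defeats the none, kid and RS256-to-HS256 tricks. The key registry, secret and token contents are constructed for the demo; only HS256 keys are registered because the standard library has no RSA, but the algorithm-pinning check is the same for asymmetric keys.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key registry: kid -> (expected algorithm, key bytes).
KEYS = {"key-2024": ("HS256", b"constructed-demo-secret")}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    # header.payload are base64url-encoded JSON; the HMAC covers both parts.
    parts = [b64url_encode(json.dumps(x, separators=(",", ":")).encode())
             for x in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def read_payload_unverified(token: str) -> dict:
    # Anyone holding the token can do this: the payload is encoded, not encrypted.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify(token: str, keys: dict = KEYS) -> dict:
    """Return the payload only if the token passes every check."""
    h_b64, p_b64, s_b64 = token.split(".")  # raises ValueError if malformed
    header = json.loads(b64url_decode(h_b64))
    if header.get("kid") not in keys:        # allowlist lookup, never a file path
        raise ValueError("unknown kid")
    expected_alg, key = keys[header["kid"]]
    if header.get("alg") != expected_alg:    # blocks alg=none and RS256->HS256 swaps
        raise ValueError("algorithm mismatch")
    if not s_b64:                            # an empty signature is never acceptable
        raise ValueError("empty signature")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p_b64))

def verify_or_error(token: str) -> str:
    # Rejection reason as a string, or "ok"; handy for tests and logging.
    try:
        verify(token)
        return "ok"
    except ValueError as exc:
        return str(exc)
```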

Impact of JWT token hacking

- Sensitive information disclosure
- The authenticity of the client can be compromised
- It leads to account takeover
- Attackers can access the server files
- They might be able to read data from the underlying SQL database
