JWT Vulnerabilities (Json Web Tokens)

👉 Overview

👀 What ?

JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.

🧐 Why ?

JWTs are a crucial part of web authentication and authorization mechanisms, playing a pivotal role in OAuth and OpenID Connect protocols. They help securely transmit information between parties and can be easily processed due to their compact size. Given their extensive use and critical role in securing applications, understanding JWT vulnerabilities is crucial. Uncovering these vulnerabilities would allow developers to secure their applications effectively and prevent potential cyber attacks.

⛏️ How ?

JWT vulnerabilities can be exploited in various ways. One common vulnerability is the 'None' algorithm attack where an attacker can change the algorithm from 'HS256' (HMAC using SHA-256 hash algorithm) to 'None', allowing the token to be accepted without signature verification. Another vulnerability is the Signature Exclusion attack, where the attacker sends a JWT without a signature and the server accepts it. To avoid these vulnerabilities, developers should never trust user input blindly, always verify JWT signatures and never use the 'none' algorithm.

⏳ When ?

JWTs have been widely used since their introduction in 2010. However, it was not until 2015 that the 'None' algorithm attack was first discovered and documented. Since then, numerous other vulnerabilities have been discovered, highlighting the importance of constant vigilance and proactive mitigation strategies in cybersecurity.

⚙️ Technical Explanations

JWTs are structured with three parts: Header, Payload, and Signature. The Header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA. The Payload contains the claims or the pieces of information being passed about the user and any additional data. The Signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way. These components are JSON encoded, and then concatenated with periods ('.'). Vulnerabilities arise when these components are manipulated, such as altering the algorithm in the header to 'None', or removing the signature. Proper JWT handling and verification procedures can help mitigate these vulnerabilities.

We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.