#jwt


Articles with this tag

Exploiting JWT - Lack of Signature Verification

Aug 6, 2020 · 3 min read · 130 views

TL;DR: Here goes the short PoC - WebApp using JWT for authentication. Removed the signature - Signature is not being verified - Token still works. Modified and Re-encoded payload to get an Account takeover. PS: Header was untouched - "alg": "HS256" A ...
