Articles with this tag
TL;DR: Here goes the short PoC - WebApp using JWT for authentication. Removed the signature - Signature is not being verified - Token still works. Modified and Re-encoded payload to get an Account takeover. PS: Header was untouched - "alg": "HS256" A ...