JSON Web Tokens (JWT)
JSON Web Tokens (JWTs) are a compact, URL-safe format for transmitting claims between parties, defined in RFC 7519. The common signed form (a JWS in compact serialization) is three Base64url-encoded parts separated by dots: header, payload, and signature; the encrypted form (JWE) has five. JWTs are most often used for stateless authentication and session management in web and API applications. Their flexibility is also their biggest source of bugs: the token itself names the algorithm (`alg`) and may name the key (`kid`, `jku`, `jwk`, `x5u`) the server should verify it with, and every one of those fields is attacker-controlled until the signature has actually been checked.
JWT vulnerabilities typically come from flawed validation rather than from the spec itself. Servers that honor `"alg": "none"` accept tokens that carry no signature at all. Servers that let the token's header pick among several algorithms are open to algorithm confusion: a verifier configured with an RSA public key for RS256 will, when handed an HS256 token, use that public key as the HMAC secret, and a public key is by definition not secret. The `kid` header has been a recurring source of SQL injection, path traversal, and arbitrary file read, because implementations use it to look up key material without validating it. Weak HMAC secrets fall to offline brute force in minutes with tools like jwt_tool or hashcat. And even libraries that get the basics right have repeatedly shipped regressions and incomplete fixes that re-enable old attacks years later.
Storage and lifecycle introduce a second class of risk: tokens kept in localStorage are readable by any script running in the page, so a single XSS is a session theft; refresh-token rotation is often skipped; and revocation is rarely implemented because a JWT stays valid until its `exp` unless the server keeps exactly the state (a `jti` denylist, or short lifetimes plus refresh) that the stateless design was meant to avoid. RFC 8725 ("JWT Best Current Practices"), now being revised as draft-ietf-oauth-rfc8725bis, exists specifically because the original spec left too much room for unsafe defaults.
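A verifier that makes the two header-trusting mistakes above, beside one that pins the algorithm and checks the registered claims. This is an added example written for this page, not code from PortSwigger, PyJWT or any other project listed here, and it runs on the Python standard library alone: a textbook RSA keypair (n = 61 × 53) over the SHA-256 digest stands in for real RS256, and the key, issuer and audience values are invented. The point it makes is that a forged `alg: none` token and an HS256 token signed with nothing but the public key both pass `verify_naive()` and both fail `verify_pinned()`.

```python
"""Added example (not code from this page or any library it lists).

One verifier written two ways. verify_naive() lets the token header choose the
algorithm, the root cause of both alg:none and algorithm confusion;
verify_pinned() takes the algorithm from server config and checks exp/iss/aud.
Textbook RSA over the SHA-256 digest with the toy key n = 61*53 stands in for
real RS256 so this runs on the standard library alone. Key, issuer and
audience values are invented for the demo."""
import base64, hashlib, hmac, json, time

N, E, D = 3233, 17, 2753   # toy RSA: e*d = 1 mod phi(n); demo only, NOT secure
PUBLIC_KEY_PEM = "-----BEGIN TOY PUBLIC KEY-----\nn=3233,e=17\n-----END TOY PUBLIC KEY-----"
ISSUER, AUDIENCE = "https://issuer.example", "api"   # assumed values

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _toy_pub(pem: str) -> tuple:
    """Pull (n, e) out of the toy PEM; real code would parse ASN.1."""
    return tuple(int(kv.split("=")[1]) for kv in pem.splitlines()[1].split(","))

def _hash_int(signing_input: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(signing_input).digest(), "big") % n

def sign(header: dict, payload: dict, key) -> str:
    """Issue a token. key: HMAC secret bytes for HS256, private exponent for toy RS256."""
    parts = [b64url(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload)]
    signing_input = ".".join(parts).encode()
    alg = header["alg"]
    if alg == "none":
        sig = b""
    elif alg == "HS256":
        sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    elif alg == "RS256":
        sig = pow(_hash_int(signing_input, N), key, N).to_bytes(2, "big")
    else:
        raise ValueError("unsupported alg")
    return signing_input.decode() + "." + b64url(sig)

def _sig_ok(alg: str, key, signing_input: bytes, sig: bytes) -> bool:
    """Signature check for a given algorithm. Who picks `alg` is the whole story."""
    if alg == "none":
        return True                                     # unsigned token passes
    if alg == "HS256":
        k = key.encode() if isinstance(key, str) else key
        return hmac.compare_digest(sig, hmac.new(k, signing_input, hashlib.sha256).digest())
    if alg == "RS256":
        n, e = _toy_pub(key)
        return pow(int.from_bytes(sig, "big"), e, n) == _hash_int(signing_input, n)
    return False

def verify_naive(token: str, key: str) -> dict:
    """VULNERABLE: alg comes from the token, key from config. 'none' skips the
    check; 'HS256' turns the configured public key PEM into the HMAC secret."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if not _sig_ok(header["alg"], key, f"{h}.{p}".encode(), b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))

def verify_pinned(token: str, alg: str, key, issuer: str, audience: str, now=None) -> dict:
    """Hardened: caller pins the algorithm, header must agree, claims are checked."""
    if alg not in ("HS256", "RS256"):
        raise ValueError("algorithm not allowed")
    h, p, s = token.split(".")
    if json.loads(b64url_decode(h)).get("alg") != alg:
        raise ValueError("algorithm mismatch")          # kills alg:none and RS256->HS256 swaps
    if not _sig_ok(alg, key, f"{h}.{p}".encode(), b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("expired or missing exp")
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("unexpected audience")
    return claims

def accepts(fn, *args) -> bool:
    try:
        return bool(fn(*args))
    except ValueError:
        return False

def demo() -> dict:
    """Forge two tokens knowing only the public key; report which verifier accepts what."""
    now = 1_700_000_000
    claims = {"sub": "alice", "role": "user", "iss": ISSUER, "aud": AUDIENCE, "exp": now + 300}
    forged = dict(claims, role="admin")                 # attacker's target claims
    tokens = {"genuine": sign({"alg": "RS256"}, claims, D),
              "alg_none": sign({"alg": "none"}, forged, None),
              "confused": sign({"alg": "HS256"}, forged, PUBLIC_KEY_PEM.encode())}
    out = {}
    for name, tok in tokens.items():
        out["naive_" + name] = accepts(verify_naive, tok, PUBLIC_KEY_PEM)
        out["pinned_" + name] = accepts(verify_pinned, tok, "RS256", PUBLIC_KEY_PEM, ISSUER, AUDIENCE, now)
    return out
```

Real libraries express the same fix as an explicit `algorithms=[...]` allowlist on the verify call; what `verify_pinned()` adds on top is the claim check, since a correctly signed token is still worthless to the application if it is expired or was minted for a different issuer or audience. The `accepts()` wrapper only turns exceptions into booleans so the six outcomes can be tabulated.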
This page collects PortSwigger's JWT research and Web Security Academy labs, the major open-source testing tools (jwt_tool, jwt-pwn, jwtXploiter, c-jwt-cracker), CVE writeups, OWASP cheat sheets, and bug bounty methodologies for attacking JWT-based authentication.
From OWASP JWT Cheat Sheet
| Date Added | Link | Excerpt |
|---|---|---|
| 2026-04-22 2026 | CVE-2026-32597: PyJWT Information Disclosure Vulnerability news | Writeup of CVE-2026-32597, an information disclosure vulnerability in PyJWT versions prior to 2.12.0. The library fails to properly validate the RFC 7515 crit (Critical) Header Parameter, allowing attackers to bypass security controls by crafting tokens with unrecognized critical extensions that are silently ignored instead of rejected. This input validation error, classified under CWE-345, can lead to authentication bypass in applications relying solely on PyJWT for validation. Mitigation involves upgrading PyJWT to version 2.12.0 or later and implementing additional validation logic. → sentinelone.com |
| 2026-04-22 2026 | Authlib Critical JWT Forgery (CVE-2026-27962) news | Library vulnerability CVE-2026-27962 affects Authlib's JWS deserialization when `key=None`, allowing unauthenticated attackers to forge arbitrary JWTs. By embedding their public key within the JWT's `jwk` header, attackers can bypass signature verification and achieve complete authentication bypass in applications using Authlib versions prior to 1.6.9. → thehackerwire.com |
| 2026-04-22 2026 | CVE-2026-34950 fast-jwt: Incomplete Fix for CVE-2023-48223 news | Writeup of CVE-2026-34950 in fast-jwt, detailing an incomplete fix for CVE-2023-48223. This vulnerability arises from a regex anchor issue in `publicKeyPemMatcher`, allowing leading whitespace in PEM keys to cause the library to misclassify RSA public keys as HMAC secrets. An attacker can then forge HS256 tokens using the public key as the secret, bypassing authentication for applications using RS256 without algorithm specification. |
| 2026-04-22 2026 | CVE-2026-22817: JWT Algorithm Confusion in Hono news | Writeup of CVE-2026-22817 in Hono, detailing an authentication bypass vulnerability allowing attackers to forge JSON Web Tokens (JWTs). The flaw, occurring in Hono versions prior to 4.11.4, exploits JWT algorithm confusion by enabling the use of asymmetric algorithms (like RS256) with symmetric verification, effectively allowing the server's public key to be treated as an HMAC secret for signature verification. Remediation involves updating Hono to version 4.11.4 and explicitly defining the `alg` parameter in JWT middleware configurations. |
| 2026-04-22 2026 | Proof of Concept for CVE-2026-29000 (pac4j-jwt) intermediate | Tool for demonstrating CVE-2026-29000, a critical improper authentication vulnerability in pac4j-jwt affecting versions prior to 4.5.9, 5.7.9, and 6.3.3. The proof of concept script automates key discovery, forges an unsigned JWT with `alg: none`, wraps it in a JWE, and exploits the flaw to bypass signature verification, enabling authentication bypass and privilege escalation. Mitigation involves updating pac4j-jwt, enforcing valid signatures, and potentially disabling JWE. |
| 2026-04-22 2026 | CVE-2026-23993: JWT Authentication Bypass in HarbourJwt via Unknown alg news | Writeup of CVE-2026-23993 details an authentication bypass vulnerability in HarbourJwt. The flaw occurs when an unrecognized JWT algorithm value in the header causes signature verification to be bypassed because the `GetSignature` method returns an empty string for unknown algorithms, leading to a successful string comparison during verification. This allows attackers to forge tokens with an empty signature, bypassing cryptographic checks. → pentesterlab.com |
| 2026-04-22 2026 | draft-ietf-oauth-rfc8725bis: JSON Web Token Best Current Practices beginner | Reference document detailing JSON Web Token (JWT) Best Current Practices. This specification updates RFC 7519 and replaces RFC 8725, offering actionable guidance on secure JWT implementation and deployment. It covers threats and vulnerabilities like weak signatures, insufficient validation, weak symmetric keys, insecure encryption use, plaintext leakage, substitution attacks, and JWE decompression bomb attacks. The document also outlines best practices, including algorithm verification, appropriate algorithm selection, cryptographic input validation, sufficient key entropy, UTF-8 usage, and validation of issuer, subject, and audience claims. |
| 2026-04-19 2026 | CVE-2025-45768: PyJWT Information Disclosure Vulnerability news | Library update detailing CVE-2025-45768, a weak encryption vulnerability in PyJWT v2.10.1. This flaw arises from the library's failure to enforce minimum key length requirements, potentially allowing attackers to forge JWT tokens and bypass authentication. While the vendor disputes the classification, applications using this version without strong key management practices are at risk. Mitigation involves implementing application-level key length validation, enforcing minimum key sizes (256 bits for HMAC, 2048 bits for RSA), and rotating potentially weak keys. → sentinelone.com |
| 2026-04-19 2026 | How JWT Libraries Block Algorithm Confusion: Code Review Lessons intermediate | Library code review lessons demonstrate how JWT libraries block algorithm confusion attacks. Vulnerabilities arise when applications incorrectly verify tokens, allowing attackers to manipulate the `alg` header. Libraries like brianvoe/sjwt and Corviz/jwt mitigate this by supporting only HMAC. Others, such as garyf/json_web_token and nowakowskir/php-jwt, enforce algorithm matching between the header and the verification call. The auth0/java-jwt library employs a defense-in-depth approach, first verifying header-algorithm consistency and then relying on the developer-specified algorithm for verification. jpadilla/pyjwt detects improper use of public keys with HMAC algorithms. → pentesterlab.com |
| 2026-04-19 2026 | JSON Web Token Attacks and Vulnerabilities — Acunetix beginner | Library provides a deep dive into JSON Web Token (JWT) attacks and vulnerabilities, detailing the structure of JWTs and common exploitation techniques like failing to verify signatures, allowing the "None" algorithm, and algorithm confusion. It explains how attackers can bypass signature verification through these flaws to gain unauthorized access or elevate privileges, emphasizing the critical need for proper implementation and validation of JWTs. → acunetix.com |
| 2026-04-19 2026 | Security of JSON Web Tokens (JWT) — Cyber Polygon beginner | Security of JSON Web Tokens (JWT) — Cyber Polygon |
| 2026-04-19 2026 | Analyzing Broken User Authentication Threats to JWTs — Akamai intermediate | Analyzing Broken User Authentication Threats to JWTs — Akamai → akamai.com |
| 2026-04-17 2026 | JWT Token Lifecycle: Expiration, Refresh, and Revocation beginner | Library for managing JSON Web Token (JWT) lifecycles, focusing on strategies for expiration, refresh, and revocation. It details short-lived vs. long-lived tokens, absolute vs. sliding expiration, and security configurations for Keycloak, while also referencing compliance requirements from NIST, PCI DSS, HIPAA, SOX, and GDPR to prevent vulnerabilities and ensure secure session management. |
| 2026-04-17 2026 | python-jwt token forgery CVE-2022-39227 news | Library for Python JWT token forgery (CVE-2022-39227) allows attackers to forge JWT contents without the secret key by exploiting an inconsistency between parsers in python-jwt and its jwcrypto dependency. This enables identity spoofing, session hijacking, and authentication bypass. Users should upgrade to version 3.3.4. |
| 2026-04-17 2026 | CVE-2024-53861: PyJWT Issuer Field Partial Match news | Writeup of CVE-2024-53861 in PyJWT, detailing how a change in issuer claim validation from list to sequence checking in version 2.10.0 allows for partial string matches, such as accepting 'urn:' when 'urn:expected' is required. This vulnerability, affecting PyJWT versions 2.10.0, has a CVSS score of 2.2 and is fixed in version 2.10.1, posing a risk of unauthorized access if issuer validation is not robust. |
| 2026-04-17 2026 | Python-JOSE Security Risk: CVE-2024-33663 Explained news | Writeup of CVE-2024-33663 detailing an algorithm confusion vulnerability in Python JOSE library versions up to 3.3.0. The issue arises from mishandling OpenSSH ECDSA keys, leading to cryptographic failures and potential compromise of data integrity and confidentiality. The writeup includes a proof of concept script demonstrating an exploit by using an inappropriate ECC key for HS256 signing, and recommends upgrading to Python JOSE 3.3.1+ and implementing strict input validation. |
| 2026-04-17 2026 | JWT Bomb in Python-JOSE CVE-2024-33664 news | JWT Bomb in Python-JOSE CVE-2024-33664 |
| 2026-04-17 2026 | JWT Pentest Book (six2dez) beginner | JWT Pentest Book (six2dez) |
| 2026-04-17 2026 | JWT Pentest Checklist (Cyber Frogy) beginner | Checklist detailing 27 common JSON Web Token (JWT) vulnerabilities. It offers penetration testers, developers, and security teams a structured approach to identify flaws, including testing steps, expected outcomes, and security recommendations for secure JWT implementations. |
| 2026-04-17 2026 | JWT Pentest Checklist v1.0 (Chintan Gurjar) beginner | JWT Pentest Checklist v1.0 (Chintan Gurjar) |
| 2026-04-17 2026 | HackerOne #1210502: Jitsi Authentication Bypass (JWT) intermediate | HackerOne #1210502: Jitsi Authentication Bypass (JWT) → hackerone.com |
| 2026-04-17 2026 | HackerOne #2472798: Newspack Extended Access JWT bypass intermediate | HackerOne #2472798: Newspack Extended Access JWT bypass → hackerone.com |
| 2026-04-17 2026 | JSON Web Token Vulnerabilities (0xn3va cheat sheet) beginner | JSON Web Token Vulnerabilities (0xn3va cheat sheet) → 0xn3va.gitbook.io |
| 2026-04-17 2026 | JWT Forgery via unvalidated jku parameter (Invicti) intermediate | Library for detecting JWT forgery via unvalidated `jku` parameters, a vulnerability identified by Invicti. This flaw allows attackers to tamper with JWT payloads, leading to privilege escalation, user impersonation, or unintended application states. It can also facilitate blind SSRF attacks. Mitigation involves whitelisting allowed JWK URLs and disabling HTTP redirection for token retrieval. → invicti.com |
| 2026-04-17 2026 | jwt-hack: JSON Web Token Hack Toolkit (GitHub) intermediate | Library for testing, analyzing, and attacking JSON Web Tokens. It supports decoding regular and DEFLATE-compressed JWTs, encoding JWE tokens, verifying signatures with secrets or keys, and performing dictionary and brute-force attacks. The library can also scan for common vulnerabilities like the 'none' algorithm, weak secrets, algorithm confusion, and JKU/X5U header attacks. It offers a REST API for automation and can function as an MCP server for AI model integration. |
| 2026-04-17 2026 | Insecure JSON Web Tokens (The Hacker Recipes) beginner | Library detailing insecure JSON Web Token (JWT) implementations, covering techniques like signature attacks using the "None" algorithm or switching RS256 to HS256 with an obtained public key. It also explores KID header path traversal vulnerabilities, cracking secrets with `jwt_tool.py` and `hashcat`, and recovering public keys using `JWT-Key-Recover`. |
| 2026-04-17 2026 | Hacking JSON Web Tokens - Vickie Li beginner | Hacking JSON Web Tokens - Vickie Li |
| 2026-04-17 2026 | Known Exploits and Attacks (jwt_tool Wiki) intermediate | Library of known JWT exploits and attacks, including CVE-2015-9235 (alg:none), CVE-2016-5431 (Key Confusion), CVE-2018-0114 (Key Injection), and CVE-2020-28042 (Null Signature). This resource also details JWKS Spoofing, "kid" Injection, cross-service relay attacks, weak secret cracking, and key injection via inline public keys. Each attack type is explained with examples and mitigation strategies for JWT configurations. |
| 2026-04-17 2026 | JWT Security Best Practices for 2025 (JWT.app) beginner | Library detailing JWT security best practices for 2025, covering cryptographically strong secret management, optimal token expiration strategies, comprehensive validation including checking revocation lists and user status, secure storage methods like HTTP-Only cookies, algorithm considerations (EdDSA, ES256, RS256, PS256), token refresh mechanisms, and protection against common attacks such as algorithm confusion and token sidejacking, alongside monitoring and auditing. |
| 2026-04-17 2026 | JWT Security Best Practices (Phase Two) beginner | Library detailing secure JSON Web Token (JWT) implementation, covering payload transparency, TLS transmission, proper CORS policies, and information leakage prevention. It discusses algorithm selection between symmetric (HMAC) and asymmetric (RSA/ECC) signatures, emphasizes essential claims like `iss`, `aud`, `exp`, and `jti`, and outlines token revocation strategies such as short token lifetimes and the refresh token pattern with distributed blacklisting. |
| 2026-04-17 2026 | JWT Security Guide: Best Practices & Implementation (Gupta Deepak) beginner | Library exploring JSON Web Tokens (JWTs) details their evolution from traditional session management, structure including header, payload, and signature, and practical workflow. It highlights common vulnerabilities like signature verification flaws, algorithm confusion attacks (including the "none" algorithm), client-side storage risks, and the revocation challenge. Essential security practices covered include secure communication via HTTPS, smart token storage using HttpOnly cookies, token lifecycle management with expiration, refresh tokens, and blacklisting, and payload security. Advanced measures like fingerprinting and audience validation are also discussed. |
| 2026-04-17 2026 | JWT authentication bypass via kid header path traversal (siunam) intermediate | Writeup detailing a JWT authentication bypass exploiting a `kid` header path traversal vulnerability. This technique allows an attacker to manipulate the `kid` parameter to point to a server filesystem file, such as `/dev/null`, and then sign the JWT with a secret matching the file's content, like a null byte encoded as `AA==`. The bypassed authentication can then be used to gain administrator privileges and perform unauthorized actions, such as deleting users. |
| 2026-04-17 2026 | JWT authentication bypass via algorithm confusion (siunam) intermediate | Library for demonstrating JWT algorithm confusion attacks. This resource details how to exploit vulnerabilities where an application uses an asymmetric signing algorithm like RS256 but can be tricked into using a symmetric one like HS256 with the public key as the shared secret. It walks through obtaining the server's public key, formatting it, modifying the JWT header to HS256, altering the payload to gain administrator privileges, and signing the token using the public key as the secret to bypass authentication. |
| 2026-04-17 2026 | ctf-jwt-token: Vulnerability in early JWT node.js library (GitHub) intermediate | Library demonstrating a vulnerability in an early JWT node.js library. The example showcases how an attacker can modify a JWT token, exploiting the "none" algorithm support in older `jsonwebtoken` versions (like v0.4.0) to elevate their privileges from a common user to an admin, thereby accessing restricted content. The resource includes the source code, Docker image, and a Python script for performing the attack. |
| 2026-04-17 2026 | JWT Authentication Bypass Using alg:none - CTF Writeup intermediate | JWT Authentication Bypass Using alg:none - CTF Writeup |
| 2026-04-17 2026 | JWT Algorithm Confusion Attack: Two Active CVEs in 2026 news | Reference detailing CVE-2026-22817 affecting Hono and CVE-2026-23993 impacting HarbourJwt, both stemming from JWT libraries that trust the token's `alg` header for signature verification. The article explains how attackers can exploit this, including an RS256-to-HS256 swap in Hono and an unknown algorithm bypass in HarbourJwt, and provides methods for detection and prevention such as algorithm pinning and validating `iss`/`aud` claims. |
| 2026-04-17 2026 | JWT Algorithm Confusion: Turning RS256 Tokens into HS256 Disasters intermediate | JWT Algorithm Confusion: Turning RS256 Tokens into HS256 Disasters |
| 2026-04-17 2026 | CVE-2026-29000: pac4j-jwt Authentication Bypass news | Writeup on CVE-2026-29000 detailing an authentication bypass in pac4j-jwt. This critical vulnerability, classified as CWE-347, allows unauthenticated remote attackers possessing the server's RSA public key to craft a JWE-wrapped PlainJWT with arbitrary claims, effectively bypassing signature verification and authenticating as any user, including administrators. Affected versions are prior to 4.5.9, 5.7.9, and 6.3.3, with proof-of-concept code publicly available. The exploit leverages a flawed trust model where token decryption is mistakenly treated as proof of identity. → penligent.ai |
| 2026-04-17 2026 | Understanding JWT Security and Common Vulnerabilities (secops) beginner | Library detailing common JSON Web Token (JWT) vulnerabilities, including the "None" algorithm bypass, key injections via the `kid` parameter, and algorithm confusion attacks where RS256 can be downgraded to HS256. It explains how to test for these by verifying signature integrity, altering claims, bypassing signature checks, and hunting for exposed signing keys, referencing CVE-2022-21449. The resource also provides a walkthrough of the Certified API Pentester Mock Exam to demonstrate real-world exploitation scenarios. |
| 2026-04-17 2026 | JWT Security in 2025: Critical Vulnerabilities for B2B SaaS beginner | Reference of six critical JWT vulnerabilities in 2025, including CVE-2025-4692 (privilege escalation on cloud platforms), CVE-2025-30144 (issuer validation flaws in fast-jwt), CVE-2025-27371 (OAuth audience ambiguity), CVE-2025-27144 (resource exhaustion via malformed tokens in Go JOSE), CVE-2025-24976 (signing key injection via JWK issues), and CVE-2025-2079/CVE-2025-20188 (hard-coded secrets). These highlight the need for strict validation, least privilege, precise claim handling, input validation, thorough key verification, and robust secret management for B2B SaaS companies. → securityboulevard.com |
| 2026-04-17 2026 | JWT Vulnerabilities List: 2026 Security Risks & Mitigation Guide (Red Sentry) beginner | Guide on 2026 JWT vulnerabilities, detailing risks like failing signature verification, none algorithm exploitation, and algorithm confusion. It addresses specific CVEs from 2025, including CVE-2025-4692 and CVE-2025-30144, and their impact on sectors like B2B SaaS, healthcare, and FinTech. Mitigation strategies focus on key management, validation of claims (iss, aud, exp), and incorporating OWASP testing into pentests, referencing work by Vaadata, Invicti, and PortSwigger. |
| 2026-04-16 2026 | JWT Header Parameter Injections intermediate | JWT Header Parameter Injections |
| 2026-04-16 2026 | CVE-2026-29000: Authentication Bypass in pac4j-jwt news | Writeup of CVE-2026-29000, an authentication bypass in pac4j-jwt. A remote attacker with the server's RSA public key can exploit a logic error in JwtAuthenticator's handling of JWEs containing unsigned PlainJWTs. This flaw allows unverified claims to grant impersonation privileges, including administrator access. Deployments using RSA JWE with both EncryptionConfiguration and SignatureConfiguration in JwtAuthenticator are vulnerable. A public proof-of-concept is available. → arcticwolf.com |
| 2026-04-16 2026 | JWT Algorithm Confusion Attacks: CVE-2026-22817 Fix Guide intermediate | Guide addressing JWT algorithm confusion attacks, detailing how vulnerable libraries trust attacker-controlled `alg` fields in JWT headers. It explains the exploitation of CVE-2026-22817, CVE-2026-27804, and CVE-2026-23552, impacting frameworks like Hono, Parse Server, HarbourJwt, and Apache Camel. The guide provides specific fixes, including upgrading to patched versions and explicitly pinning allowed algorithms like RS256, rather than inferring them from the token, to prevent token forgery and bypasses. |
| 2026-04-11 2026 | CVE-2024-33663: Python-jose Algorithm Confusion news | Writeup on CVE-2024-33663, an algorithm confusion vulnerability impacting python-jose through version 3.3.0. This flaw allows attackers to exploit key format confusion with OpenSSH ECDSA keys, potentially enabling authentication bypass or signature forgery. The vulnerability, similar to CVE-2022-29217 affecting PyJWT, arises from improper algorithm enforcement during JWT verification, allowing attackers to craft malicious tokens by using a public key as a symmetric secret. Mitigation involves explicit algorithm allowlisting and upgrading affected python-jose versions. → sentinelone.com |
| 2026-04-11 2026 | Severe Security Flaw Found in jsonwebtoken Library news | Writeup of CVE-2022-23529 in the jsonwebtoken library, a vulnerability that could lead to remote code execution when verifying a maliciously crafted JSON web token. The flaw, which impacts versions prior to 9.0.0, requires an attacker to exploit a separate flaw in the secret management process for exploitation. While the CVE was initially high-severity, it has since been retracted as the risk is primarily in insecure calling code rather than the library itself. → thehackernews.com |
| 2026-04-11 2026 | The Ultimate Guide to JWT Vulnerabilities and Attacks beginner | Library detailing JSON Web Token (JWT) vulnerabilities and attacks, including signature verification failures, the "none" algorithm bypass, weak secret brute-forcing for HS256, and algorithm confusion attacks like RS256 to HS256 swaps and ES256 to HS256 swaps. The resource provides hands-on exercises for practicing these exploits, covering common implementation flaws and defense strategies. → pentesterlab.com |
| 2026-04-11 2026 | HackerOne: Trint insecure client-side JWT generation news | HackerOne: Trint insecure client-side JWT generation → hackerone.com |
| 2026-04-11 2026 | HackerOne: Linktree account takeover via improper JWT validation news | HackerOne: Linktree account takeover via improper JWT validation → hackerone.com |
| 2026-04-11 2026 | HackerOne: Critical vulnerability in JWE Specification news | HackerOne: Critical vulnerability in JWE Specification → hackerone.com |
| 2026-04-11 2026 | HackerOne: Argo CD JWT audience claim not verified news | HackerOne: Argo CD JWT audience claim not verified → hackerone.com |
| 2026-04-11 2026 | JWT Signature Bypass via unvalidated jku parameter intermediate | Technique for bypassing JWT signature verification using an unvalidated 'jku' parameter. This vulnerability allows attackers to control the JWK Set URL, enabling them to sign forged tokens with their own keys. Remediation involves strictly validating the 'jku' parameter against an allowlist of trusted URLs or disabling the parameter support entirely, and disabling HTTP redirects when fetching JWKS. → invicti.com |
| 2026-04-11 2026 | JWT Signature Bypass via kid Path Traversal intermediate | Technique for JWT signature bypass via 'kid' path traversal, where manipulating the Key ID header parameter with directory traversal sequences allows attackers to force the application to use an attacker-controlled file as the signing key. This bypasses authentication by enabling the creation of validly-signed JWT tokens with arbitrary payloads. Remediation involves validating and sanitizing the 'kid' parameter using allowlisting or mapping tables, storing keys securely, and utilizing robust JWT libraries. → invicti.com |
| 2026-04-11 2026 | JWT Signature Bypass via kid SQL injection intermediate | Vulnerability writeup detailing JWT Signature Bypass via `kid` SQL injection. This flaw arises when the `kid` header parameter is used to query a database for cryptographic keys without proper input sanitization, enabling attackers to inject SQL and forge JWTs. Remediation involves using parameterized queries, strict `kid` validation, secure error handling, and robust key management. → invicti.com |
| 2026-04-11 2026 | JWT Attack Walk-Through - NCC Group intermediate | Walkthrough of JWT attack vectors, detailing vulnerabilities within JSON Web Tokens. This analysis, from NCC Group's Exploit Development Group, leverages their expertise in cryptography and vulnerability research to illustrate real-world exploitation techniques, contributing to improved cyber resilience. |
| 2026-04-11 2026 | A Practical Guide to Attacking JWT intermediate | A Practical Guide to Attacking JWT |
| 2026-04-11 2026 | Hacker Tools: JWT_Tool beginner | Tool for validating, forging, scanning, and tampering with JWT tokens. JWT_Tool facilitates reconnaissance by viewing token claims, performs active scans for misconfigurations, and aids in fuzzing applications and cracking weak secrets. It supports specific attacks like the none algorithm attack (CVE-2015-9235) and RS256 to HS256 key confusion attacks (CVE-2016-5431). → intigriti.com |
| 2026-04-11 2026 | November CTF Challenge: Exploiting JWT vulnerabilities to achieve RCE intermediate | Walkthrough of a CTF challenge exploiting JWT vulnerabilities, including the 'none' algorithm attack, to achieve remote code execution on the AquaCommerce! e-commerce platform. This guide details reconnaissance steps using Wappalyzer, JWT decoding, privilege escalation to 'admin' role, and server-side template injection (SSTI) in the profile display name field to locate the flag. → intigriti.com |
| 2026-04-11 2026 | RFC 8725 - JSON Web Token Best Current Practices beginner | Reference detailing Best Current Practices for JSON Web Tokens (JWTs). This document updates RFC 7519, offering actionable guidance for secure JWT implementation and deployment by addressing common attack vectors. It covers issues such as algorithm confusion ("none" algorithm, RS256 to HS256), weak symmetric keys, failure to validate internal signatures in encrypted JWTs, information leakage from encryption algorithms, invalid curve point validation in ECDH-ES, and JSON encoding ambiguities. The document references mitigations for these vulnerabilities and is intended for JWT library implementers, developers using JWTs, and specification authors. |
| 2026-04-11 2026 | Cracking JWT Keys - Authentication Lab intermediate | Walkthrough of JWT key cracking techniques, demonstrating how to steal, guess, or brute-force HMAC secret keys to forge valid tokens. The lab utilizes tools like John the Ripper and Hashcat, with keys crackable on a standard workstation using common wordlists. It highlights the process of obtaining a token, cracking its key, modifying claims, re-signing, and submitting the forged token, referencing JWT.IO for debugging. |
| 2026-04-11 2026 | Brute Forcing HS256 is Possible intermediate | Tool demonstrating the possibility of brute-forcing HS256-signed JSON Web Tokens by exploiting weak shared secrets. The article details the structure of JWTs, the HS256 and RS256 signing algorithms, and provides instructions for compiling and using a multi-threaded `jwt-cracker` tool to recover secrets from compromised tokens. It highlights the importance of using secret keys that meet or exceed the hash output size as specified by RFC7518 to prevent such attacks. |
| 2026-04-11 2026 | Golang JWT access restriction bypass vulnerability intermediate | Library for Go JWT access restriction bypass vulnerability affecting the `VerifyAudience` function. Discovered issues with double-quoted empty strings bypassing audience verification, leading to CVE-2020-28361. While a fix was available in v4.0.0-preview1, many projects used the master branch, leaving them vulnerable. Snyk's research team identified this and other proprietary Go vulnerabilities, enriching their Intel Vulnerability Database to provide broader security coverage. → snyk.io |
| 2026-04-11 2026 | Top 3 security best practices for handling JWTs beginner | Library for securely handling JWTs, focusing on three core best practices: keeping tokens secret via HTTPS and secure storage (HttpOnly, Secure flags), validating tokens by checking signatures and claims (exp, nbf, iss, aud), and setting expiration times. It highlights how tools like Snyk can identify vulnerabilities related to these practices, mentioning Python libraries such as Flask-JWT-Extended and PyJWT. → snyk.io |
| 2026-04-11 2026 | Detecting JWT Security Issues beginner | Library for detecting JWT security issues in Node.js applications. It identifies vulnerabilities arising from the insecure use of the `jsonwebtoken` npm package, specifically the misuse of `jwt.decode()` which bypasses signature verification and can lead to broken authentication. The library also flags hardcoded sensitive data, insufficient logging, and lack of rate limiting, providing recommendations for secure JWT handling. → snyk.io |
| 2026-04-11 2026 | Attacking JWT authentication intermediate | Library for testing JWT authentication implementations, detailing how to identify JWTs and exploit common vulnerabilities. Techniques covered include checking for sensitive data, manipulating signing algorithms (e.g., `none` or switching from RS256 to HS256), and cracking weak HS256 secret keys using tools like `jwtbrute` and John the Ripper. |
| 2026-04-11 2026 | Lab: JWT authentication bypass via weak signing key intermediate | Lab: JWT authentication bypass via weak signing key, detailing a process to exploit a weak signing key in JSON Web Tokens. This involves using Burp Suite's JWT Editor extension to brute-force the secret key with `hashcat`, generating a new symmetric key in JWK format, and then modifying the JWT's payload to gain administrative access. → portswigger.net |
| 2026-04-11 2026 | Lab: JWT authentication bypass via jku header injection intermediate | Lab: JWT authentication bypass via jku header injection. This lab demonstrates an authentication bypass vulnerability in JSON Web Tokens by injecting a malicious JWK Set. Using the Burp Suite JWT Editor extension, attackers can upload a controlled JWK Set, modify the JWT header to reference it with a `jku` parameter, and then sign the token with their own key. This allows them to impersonate legitimate users and gain unauthorized access, as shown by escalating privileges to access an admin panel. → portswigger.net |
| 2026-04-10 2026 | PortSwigger KB: JWT none algorithm supported intermediate | Library for detecting JWT "none" algorithm vulnerabilities. This flaw allows an attacker to tamper with the JWT's `alg` header to "none", remove the signature, and submit an unsigned token. If the server accepts this, attackers can escalate privileges or impersonate users by modifying arbitrary claims in the payload. Remediation involves configuring JWT libraries to reject unsecured tokens and only accept cryptographically strong algorithms. → portswigger.net |
| 2026-04-10 2026 | Intigriti: Exploiting JWT vulnerabilities — advanced exploitation guide advanced API Sec Bug Bounty | Guide to exploiting JWT vulnerabilities that details seven methods for testing misconfigurations. It covers the 'none' algorithm, missing signature validation, and algorithm confusion attacks, including examples like CVE-2018-0114 and JWK spoofing. The guide explains JWT structure and emphasizes the risks of neglecting security specifications during implementation. → intigriti.com |
| 2026-04-10 2026 | Vaadata: JWT vulnerabilities, common attacks and security best practices beginner | Library on JSON Web Token (JWT) vulnerabilities, covering their structure including JOSE header, payload, and signature. It details common attack vectors that exploit weak implementations and outlines security best practices for configuration and usage, emphasizing the importance of secure secret management for algorithms like HS256 and RS256. → vaadata.com |
| 2026-04-10 2026 | WorkOS: JWT algorithm confusion attacks explained intermediate | Library detailing JWT algorithm confusion attacks, a critical vulnerability where servers trust metadata within tokens to dictate verification algorithms. This breakdown covers the classic RS256 to HS256 swap, where an RSA public key is used as an HMAC secret, and related vectors like the `alg: none` attack and JWKS injection via `jku` and `x5u`. It highlights real-world exploits in libraries like Node.js's `jsonwebtoken`, Python's `PyJWT`, and others, emphasizing defensive patterns such as pinning algorithms explicitly and ignoring embedded key references. |
| 2026-04-10 2026 | PentesterLab: Another JWT Algorithm Confusion Vulnerability (CVE-2024-54150) news | Writeup of CVE-2024-54150, detailing an algorithm confusion vulnerability in the xmidt-org/cjwt library. The flaw occurs when the library fails to properly distinguish between HMAC and asymmetric signature verification, allowing an attacker to use an HMAC signature with an RSA public key. This technique can lead to unauthorized access by exploiting weak signature validation. → pentesterlab.com |
| 2026-04-10 2026 | Curity: JWT Security Best Practices beginner | Library detailing JWT security best practices for applications. It emphasizes that JWT security stems from proper implementation and validation, not the format itself. Key recommendations include fully validating signatures, issuers, and audiences; avoiding interchangeable ID and access tokens; omitting sensitive data from JWTs; utilizing short-lived tokens; and employing asymmetric signing keys with centralized management. The document also discusses the risks of placing sensitive information or API details within tokens, suggesting phantom or split token approaches, and highlights the importance of secure algorithm selection and validation against an allow-list, specifically warning against the "none" algorithm. |
| 2026-04-10 2026 | RFC 8725: JSON Web Token Best Current Practices beginner | Reference for RFC 8725, which updates RFC 7519 and provides actionable guidance for secure implementation and deployment of JSON Web Tokens (JWTs). It addresses common vulnerabilities such as algorithm confusion attacks (including the "none" algorithm and RS256 to HS256 transitions), weak symmetric keys, mismatches between signed and encrypted token validation, and encryption length leakage from compression attacks. The guidance also covers input validation issues with ECDH-ES and concerns related to older JSON encoding standards, aiming to mitigate attacks like CVE-2015-9235 and CVE-2023-51774. |
| 2026-04-10 2026 | Auth0: Critical vulnerabilities in JSON Web Token libraries news | Analysis of vulnerabilities in node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt that allow attackers to bypass verification using the "None" algorithm or by forging tokens with asymmetric algorithms like RS256 and ES256. Attackers can exploit the RSA vs. HMAC confusion by using a public key as an HMAC secret, leading to arbitrary token forgery. The analysis highlights the critical need for library developers to explicitly specify algorithms during verification and for users to audit dependencies. |
| 2026-04-10 2026 | OWASP WSTG: Testing JSON Web Tokens intermediate | Reference detailing OWASP's Web Security Testing Guide (WSTG) procedures for testing JSON Web Tokens (JWTs). It covers analyzing JWT headers and payloads for sensitive data, testing for tampering vulnerabilities, and verifying signature integrity. Specific attack vectors discussed include exploiting the "none" algorithm, the ECDSA "psychic signatures" vulnerability (CVE-2022-21449), weak HMAC key cracking using tools like crackjwt.py and John the Ripper, and HMAC vs. public key confusion attacks. → owasp.org |
| 2026-04-10 2026 | OWASP JSON Web Token for Java Cheat Sheet intermediate | Cheat sheet addressing common security pitfalls when implementing JSON Web Tokens (JWT) in Java applications. It details how to prevent the "none" hashing algorithm vulnerability by explicitly specifying expected algorithms during token verification. It also offers strategies to mitigate token sidejacking by incorporating a hardened, secure cookie with a hashed user fingerprint into the token validation process. → cheatsheetseries.owasp.org |
| 2026-04-10 2026 | KathanP19/HowToHunt: JWT beginner | Library detailing JSON Web Token (JWT) security, covering its structure (header, payload, signature), symmetric and asymmetric encryption (HS256, RS256), and common vulnerabilities. It explores attacks such as the "none" algorithm bypass, algorithm substitution (RS256 to HS256), signature validation failures, and secret key cracking using tools like Hashcat and JWT_Tool. The library also highlights insecure header parameters like `kid`, `jku`, `jwk`, `x5u`, `x5c`, and `x5t`. |
| 2026-04-10 2026 | tuhin1729 Bug Bounty Methodology: JWT beginner | Reference to JWT attacks, detailing methods such as modifying the body when signatures are unchecked or exist, brute-forcing weak signatures, and exploiting the "None" algorithm. It also covers attacks against RS256 by finding public keys, manipulating the `kid` parameter for URL redirection, accessing publicly readable files, and injecting commands or SQL queries. The entry includes steps for setting up and using the `jwt_tool` for automated analysis. |
| 2026-04-10 2026 | HackTricks: JWT vulnerabilities intermediate | Library for exploring JSON Web Token (JWT) vulnerabilities, detailing techniques like signature bypass using `jwt_tool` and `SignSaboteur`, exploiting `alg=none`, and key confusion attacks that leverage RS256 with a public key as a shared secret. It also covers crafting JWE tokens by exploiting pac4j-jwt vulnerabilities and forging tokens using leaked encryption keys and user data. → book.hacktricks.xyz |
| 2026-04-10 2026 | PayloadsAllTheThings: JSON Web Token beginner | Library detailing JSON Web Token (JWT) security flaws, including format, signature bypasses like CVE-2020-28042 and CVE-2015-9235, key confusion attacks (CVE-2016-5431), and key injection. It also covers tools such as `ticarpi/jwt_tool`, `c-jwt-cracker`, and `JOSEPH`, along with insights into signature disclosure vulnerabilities like CVE-2019-7644 and the "None" algorithm exploit. |
| 2026-04-10 2026 | DontPanicO/jwtXploiter: A tool to test the security of JSON Web Tokens intermediate | Tool for testing JSON Web Token (JWT) security. This application facilitates tampering with token payloads, exploiting vulnerable header claims like `kid`, `jku`, and `x5u`, verifying tokens, and performing key confusion attacks. It supports all JSON Web Algorithms (JWAs), generates JWKs, and integrates with `pip` and `dpkg`. Targeted at web application penetration testers, bug bounty hunters, and developers needing to secure JWT implementations. |
| 2026-04-10 2026 | brendan-rius/c-jwt-cracker: JWT brute-force cracker in C intermediate | Library for multi-threaded JWT brute-force cracking written in C. It supports HMAC hash functions like HS256, HS384, and HS512, allowing users to specify custom alphabets and secret lengths. The tool leverages OpenSSL for hashing and includes build instructions for Docker and native compilation on Linux and macOS, noting potential Base64 implementation issues. |
| 2026-04-10 2026 | mazen160/jwt-pwn: Security testing scripts for JWT intermediate | Library of scripts for security testing of JSON Web Tokens (JWT). Includes tools for brute-forcing secrets with `jwt-cracker.py` and `go-jwt-cracker`, decoding JWT values, generating new JWTs signed with HS256, and creating unsigned JWTs. These scripts aid in identifying vulnerabilities related to JWT implementation. |
| 2026-04-10 2026 | jwt_tool Attack Methodology wiki intermediate | Library providing an attack methodology for testing JSON Web Tokens (JWTs). It details a workflow, beginning with setup using intercepting proxies like Burp Suite or ZAP, and then enumerates various checks and exploits. These include verifying token requirement and persistence, analyzing claim processing before validation, and exploiting common vulnerabilities such as the 'none' algorithm (CVE-2015-9235), RSA key confusion (CVE-2016-5431), JWKS injection (CVE-2018-0114), and null signatures (CVE-2020-28042). The library also covers advanced techniques like "kid" issues, URL tampering, JWKS spoofing, and cross-service relay attacks. |
| 2026-04-10 2026 | ticarpi/jwt_tool: A toolkit for testing, tweaking and cracking JSON Web Tokens intermediate | Library for validating, forging, scanning, and tampering with JSON Web Tokens (JWTs). It identifies vulnerabilities like `alg=none` (CVE-2015-2951), RS/HS256 public key mismatch (CVE-2016-10555), key injection (CVE-2018-0114), and blank password (CVE-2019-20933/CVE-2020-28637) by fuzzing claims, testing secrets, performing dictionary attacks, and enabling timestamp tampering. The tool also supports RSA and ECDSA key generation and reconstruction, rate-limiting, and can directly send tokens to target URLs or files for automated testing against applications. |
| 2026-04-10 2026 | Working with JWTs in Burp Suite intermediate | Library for testing JWT authentication bypass vulnerabilities in Burp Suite. It allows users to view and decode JWTs within Burp Inspector, and then utilize the JWT Editor extension to generate cryptographic signing keys, edit token headers and payloads, and resign the modified JWT with a valid signature. The extension automatically flags requests containing JWTs, streamlining the identification and manipulation process. → portswigger.net |
| 2026-04-10 2026 | JSON Web Token Attacker Burp extension intermediate | Extension that assists in pentesting applications utilizing JavaScript Object Signing and Encryption (JOSE), specifically targeting JSON Web Tokens. This tool automates the discovery and testing of vulnerabilities within JOSE implementations, aiding security professionals in identifying potential weaknesses during application assessments. → portswigger.net |
| 2026-04-10 2026 | JWT Scanner Burp extension intermediate | Extension for Burp Suite that scans for JWT vulnerabilities by highlighting tokens and initiating scans. It supports forging public keys when they are not exposed, allowing for further exploitation and vulnerability discovery by rerunning scans after successful forging. → portswigger.net |
| 2026-04-10 2026 | PortSwigger jwt-editor: Burp Suite extension for editing and signing JWTs intermediate | Library for manipulating JSON Web Tokens (JWTs) within Burp Suite; the tool detects and allows editing, signing, verifying, encrypting, and decrypting JWTs in HTTP and WebSocket messages. It offers detection and highlighting of JWTs and an Intruder payload provider. Functionality includes importing/exporting cryptographic keys, editing JWS/JWE components with JSON and hex editors, and performing attacks such as "none" algorithm bypass, HMAC key confusion, embedded JWK, signing with an empty HMAC key, Psychic signatures (CVE-2022-21449), and Collaborator integration. |
| 2026-04-10 2026 | Algorithm confusion attacks \| Web Security Academy intermediate | Reference detailing algorithm confusion attacks, also known as key confusion attacks, where an attacker manipulates JWT verification by forcing a server to use an unintended algorithm. This often exploits flawed JWT library implementations where a single verification method handles multiple algorithms, allowing an attacker to use a public key as a symmetric secret for HS256 verification when RS256 was intended. The entry outlines obtaining the server's public key, converting it to the correct format, and signing a forged JWT with HS256 using that public key. It also covers deriving public keys from existing tokens using tools like `jwt_forgery.py` or `portswigger/sig2n`. → portswigger.net |
| 2026-04-10 2026 | JWT attacks \| Web Security Academy beginner | Library detailing JSON Web Token (JWT) vulnerabilities, covering design flaws and incorrect handling that lead to high-severity attacks such as privilege escalation and user impersonation. It explains JWT format, signature verification, and common exploitation techniques, including accepting arbitrary or no signatures, and provides practical labs for safe exploitation against realistic targets. Burp Suite Professional 2022.5.1 is mentioned for its automated detection capabilities. → portswigger.net |
| 2026-01-12 2026 | dr34mhacks/jwtauditor: JWT Auditor – Analyze, break, and understand your tokens like a pro. intermediate Python | Tool for analyzing and exploiting JWT security vulnerabilities. JWTAuditor offers automated detection for over 15 vulnerability types, including algorithm confusion, KID parameter injection, and sensitive data exposure, with detailed explanations and remediation advice. It features secret bruteforcing, a JWT editor, token generator, and seven specialized attack modules, all processed client-side for enhanced privacy. It supports various signing algorithms like HS256 and RS256, and facilitates testing through RSA key generation and signature verification. |
| 2025-10-27 2025 | Stealing Microsoft Teams access tokens in 2025 advanced AuthN | Analysis of Microsoft Teams token extraction reveals a method to retrieve encrypted access tokens stored on disk. Initially, tokens were in plaintext within an SQLite database, but newer versions encrypt them using DPAPI. The process involves monitoring file writes with Sysinternals ProcMon to identify the `msedgewebview2.exe` process, which accesses the `Cookies` file. The DPAPI encryption key is found in a local state JSON file. A Proof of Concept in Rust decrypts these tokens using AES-256-GCM, enabling interactions with the Microsoft Graph API via tools like GraphSpy. |
| 2025-09-05 2025 | Authentication Explained: When to Use Basic, Bearer, OAuth2, JWT & SSO \| daily.dev beginner AuthN AuthZ | Guide to authentication and authorization models, detailing when to use Basic, Bearer tokens, OAuth2, JWT, and SSO. It contrasts RBAC, ABAC, and ACL authorization strategies and explains how applications like GitHub and Stripe integrate these for robust security, emphasizing the importance of selecting appropriate mechanisms based on application complexity and specific requirements. |
| 2024-09-05 2024 | JWT vs PASETO: New Era of Token-Based Authentication intermediate API Sec AuthN | This article delves into a comprehensive comparison of Paseto and JWT, dissecting their core functionalities, security features, and… |
| 2024-08-16 2024 | Securing OAuth 2.0 Token Exchange Flow with Keycloak intermediate API Sec AuthN | RFC 8693: Token Exchange describes a mechanism for exchanging an existing token (JWT) for a new token with different issuing client id… |
| 2023-05-21 2023 | JWT (Json Web Token) Audience aud versus Client_Id - What's the difference? beginner AuthN | Reference on the JWT `aud` (Audience) claim, clarifying its role in identifying intended recipients and the responsibility of token processors to validate this claim. It explains that `aud` can be a string or array of strings, application-specific, and optional, unlike the unrelated OAuth Client ID. The document highlights its use case for distinguishing access from refresh tokens and stresses that recipient validation of the `aud` claim is crucial for its effectiveness. → stackoverflow.com |
| 2023-05-09 2023 | All About Attacking JWT intermediate | All About Attacking JWT https://ift.tt/8Rcdsfp |
| 2023-04-02 2023 | JSON Web Tokens Vulnerabilities and Exploitation. intermediate | JSON Web Tokens Vulnerabilities and Exploitation. https://ift.tt/cAwTj6v |
| 2023-04-02 2023 | JWT [JSON WEB TOKENS] [EXPLANATION & EXPLOITATION] (0x02) intermediate | JWT [JSON WEB TOKENS] [EXPLANATION & EXPLOITATION] (0x02) https://ift.tt/Pk0dAUM |
| 2021-11-03 2021 | Introducing CookieMonster: a tool for breaking stateless authentication intermediate AuthN | Tool that detects broken stateless authentication, such as insecure JWTs or framework-specific session cookies from Django, Flask, and Laravel. CookieMonster, written in Go for high performance, can decode and unsign cookies, and even resign them with modified content. It supports automated scanning pipelines and manual testing, offering real-time alerting for thousands of requests per second, significantly improving on the limitations of earlier tools like Flask-Unsign. |
| 2021-10-14 2021 | These are the security issues with JWT beginner AuthN | Reference detailing security issues with JWTs, highlighting the impossibility of revocation and the need for custom solutions for logouts or permission adjustments. It discusses storage vulnerabilities like XSS and CSRF, referencing OWASP's recommendations for hardened cookies and their implications. The article emphasizes JWT suitability for stateless applications, as per the OWASP JWT Cheat Sheet, and contrasts them with traditional session tokens. |
| 2021-09-13 2021 | The Wonderful World of Tokens and Claims: CWT beginner AuthN | The Wonderful World of Tokens and Claims: CWT |
| 2021-07-19 2021 | Where to Store the JSON Web Token (JWT)? intermediate AuthN | This content explores secure storage options for JSON Web Tokens (JWTs) in web applications. It highlights the trade-offs between client-side (e.g., browser local storage, session storage, cookies) and server-side storage. Key considerations include the vulnerability of client-side storage to Cross-Site Scripting (XSS) attacks and the potential for token hijacking. The article also covers best practices and recommended approaches to mitigate these risks and maintain the security of JWTs. |
Frequently Asked Questions
- What is JWT algorithm confusion?
- Algorithm confusion (also called key confusion) exploits servers that accept multiple JWT signing algorithms. The classic example: a server expects an RS256 (asymmetric) signature but accepts HS256 (symmetric). An attacker switches the alg header to HS256 and signs the token using the server's RSA public key as the HMAC secret — turning a verification key into a signing key.
- What is the JWT "none" algorithm vulnerability?
- The JWT specification allows an alg value of "none", meaning the token is unsigned. Some libraries historically accepted this even for tokens that should have been verified, letting an attacker forge any payload. Modern libraries reject "none" by default, but the bug periodically resurfaces in custom implementations and lesser-used languages.
- Should I store JWTs in localStorage or cookies?
- Both have tradeoffs. localStorage is vulnerable to XSS — any script on the page can read the token. Cookies with HttpOnly, Secure, and SameSite=Strict prevent XSS theft but introduce CSRF risk if not handled. For most applications, HttpOnly cookies with proper CSRF defenses are the safer choice. Refresh-token rotation and short JWT lifetimes reduce the impact either way.