pentesterlab.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-22.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-04-22 | CVE-2026-23993: JWT Authentication Bypass in HarbourJwt via Unknown alg | JWT | Writeup of CVE-2026-23993, an authentication bypass vulnerability in HarbourJwt. The flaw occurs when an unrecognized JWT algorithm value in the header causes signature verification to be bypassed: the `GetSignature` method returns an empty string for unknown algorithms, leading to a successful string comparison during verification. This allows attackers to forge tokens with an empty signature, bypassing cryptographic checks. |
| 2026-04-19 | How JWT Libraries Block Algorithm Confusion: Code Review Lessons | JWT | Library code review lessons demonstrate how JWT libraries block algorithm confusion attacks. Vulnerabilities arise when applications incorrectly verify tokens, allowing attackers to manipulate the `alg` header. Libraries like brianvoe/sjwt and Corviz/jwt mitigate this by supporting only HMAC. Others, such as garyf/json_web_token and nowakowskir/php-jwt, enforce algorithm matching between the header and the verification call. The auth0/java-jwt library employs a defense-in-depth approach, first verifying header-algorithm consistency and then relying on the developer-specified algorithm for verification. jpadilla/pyjwt detects improper use of public keys with HMAC algorithms. |
| 2026-04-11 | The Ultimate Guide to JWT Vulnerabilities and Attacks | JWT | Library detailing JSON Web Token (JWT) vulnerabilities and attacks, including signature verification failures, the "none" algorithm bypass, weak secret brute-forcing for HS256, and algorithm confusion attacks like RS256 to HS256 swaps and ES256 to HS256 swaps. The resource provides hands-on exercises for practicing these exploits, covering common implementation flaws and defense strategies. |
| 2026-04-10 | PentesterLab: Another JWT Algorithm Confusion Vulnerability (CVE-2024-54150) | JWT | Writeup of CVE-2024-54150, detailing an algorithm confusion vulnerability in the xmidt-org/cjwt library. The flaw occurs when the library fails to properly distinguish between HMAC and asymmetric signature verification, allowing an attacker to use an HMAC signature with an RSA public key. This technique can lead to unauthorized access by exploiting weak signature validation. |
| 2026-04-10 | PentesterLab: SSRF in PDF Generation | SSRF | PentesterLab: SSRF in PDF Generation |
| 2026-04-10 | Deserialization Gadget Chain Definition | Deser | Library defines Deserialization Gadget Chains, a technique exploiting insecure deserialization by chaining existing application code fragments to achieve remote code execution. Unlike injecting new code, this method abuses legitimate, benign code through reflection and method invocation, as exemplified by the CommonsCollections chain. |