Overview
This lecture explains how attackers exploit JSON Web Tokens (JWTs) to bypass authentication in web applications, covering common attacks and real-world examples.
JWT Basics
- A JWT consists of a header, payload, and signature, each Base64url-encoded and separated by dots.
- JWTs are verified by the backend to authenticate users; valid signatures grant access.
- Two main signing algorithms are used: HS256 (shared secret) and RS256 (private/public key pair).
Common JWT Attacks
- None Algorithm Attack: Setting the algorithm to "none" and removing the signature may trick poorly configured servers into accepting any token.
- Cracking HS256 Secrets: Weak or default secrets (e.g., "secret1", "jwt123") can be brute-forced using common password lists.
- Payload Manipulation: After cracking the secret, attackers can alter payload data (like user roles) and re-sign tokens for unauthorized access.
Advanced Techniques: Algorithm Confusion
- A server set up for RS256 may mistakenly accept tokens signed with HS256 if the algorithm is not properly validated.
- Attackers can switch the algorithm to HS256 and use the RS256 public key (sometimes exposed) as the secret to forge tokens.
- This happens when the server trusts the header's algorithm value instead of enforcing the algorithm it expects.
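The "none" and algorithm-confusion cases above come down to the same server-side check. As an added example (not from the lecture), here is a verifier that trusts the header's `alg` beside one that pins the algorithm in server configuration. The function names, `EXPECTED_ALG` and the sample tokens are constructed for illustration, and HS256 from the standard library stands in for whatever algorithm the service actually uses.

```python
import base64, hashlib, hmac, json

EXPECTED_ALG = "HS256"  # assumption: this service issues HS256 tokens only

def b64url_decode(part):
    # JWT segments are unpadded Base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue(claims, secret, alg=EXPECTED_ALG):
    # Builds constructed sample tokens; alg "none" yields an empty signature.
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    if alg == "none":
        return f"{head}.{body}."
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify_trusting_header(token, secret):
    # WEAK: the token's own header decides whether a signature is required.
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") == "none":
        return json.loads(b64url_decode(body))
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return json.loads(b64url_decode(body)) if b64url_decode(sig) == mac else None

def verify_pinned(token, secret):
    # HARDENED: the algorithm comes from server config; the header must match it.
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != EXPECTED_ALG:
            return None
        mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url_decode(sig), mac):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, AttributeError):
        return None
```

On an RS256 service the same pinning rejects an HS256-labelled token before the public key can ever be used as an HMAC secret.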
Real-World Attack Example
- Tokens issued by a development site (app-dev.site.com) can sometimes be reused on production if both share the same signing key.
- Developers exposing dev environments with weaker restrictions may give attackers valid tokens for production systems.
- Shared signing keys between dev and prod environments are a critical security flaw enabling account takeover.
Broader Token Attacks & Frameworks
- Other frameworks (Django, Flask, Express) use signed cookies or tokens that are vulnerable to brute-force attacks when their secrets are predictable.
- Tools like Cookie Monster can automate brute-forcing secrets for signed cookies.
- Always fingerprint the backend to discover which signing method and secrets are in use.
Key Terms & Definitions
- JWT (JSON Web Token) — A compact, token-based authentication format using signature verification.
- HS256 — A symmetric signing algorithm using a shared secret for token signing and verification.
- RS256 — An asymmetric signing algorithm using a private key to sign and a public key to verify.
- HMAC (Hash-based Message Authentication Code) — A cryptographic method ensuring data integrity and authenticity.
- Algorithm Confusion — An attack exploiting mismatches or lack of validation in the token's algorithm.
Action Items / Next Steps
- Practice identifying JWT signing algorithms and test for weaknesses in dev/staging environments.
- Try brute-forcing weak JWT secrets using common wordlists.
- Explore and fingerprint alternative authentication mechanisms in web apps, like signed cookies in various frameworks.