JWT

JWT Attacks

Description

JWT (JSON Web Token) attacks exploit vulnerabilities in the implementation or usage of JWTs, allowing attackers to forge tokens, manipulate claims, or perform other malicious actions.

Example with Scenario

Scenario: A web application uses JWTs for user authentication. An attacker can exploit weak signing algorithms or insecure storage to forge tokens and gain unauthorized access.

Payloads and Test Cases

Payloads

1. None Algorithm Attack:

   Copy

   {
     "alg": "none"
   }

2. Brute Force HMAC Secret:

   Copy

   {
     "header": {
       "alg": "HS256",
       "typ": "JWT"
     },
     "payload": {
       "user": "admin"
     },
     "signature": "generated_signature"
   }

3. Claim Manipulation:

   Copy

   {
     "header": {
       "alg": "HS256",
       "typ": "JWT"
     },
     "payload": {
       "user": "attacker",
       "admin": true
     },
     "signature": "generated_signature"
   }

Test Cases

1. None Algorithm Attack:

   • Payload:

   • Test Case:

2. Brute Force HMAC Secret:

   • Payload:

   • Test Case:

3. Claim Manipulation:

   • Payload:

   • Test Case:

Mitigation

1. Use Strong Secrets:

   • Use strong, random secrets for signing JWTs.

   • Avoid using weak or easily guessable secrets.

2. Validate Tokens Properly:

   • Always validate the token signature and claims.

   • Reject tokens with invalid or missing signatures.

3. Enforce Algorithm Constraints:

   • Enforce the use of secure algorithms (e.g., HS256, RS256).

   • Reject tokens with the 'none' algorithm or other weak algorithms.

4. Secure Token Storage:

   • Store JWTs securely on the client side (e.g., HTTP-only cookies).

   • Avoid storing tokens in local storage or other insecure places.

5. Implement Expiry and Revocation:

   • Implement token expiry and refresh mechanisms.

   • Provide a way to revoke tokens when necessary.