
JWT Attacks: Breaking JSON Web Tokens in the Wild

RootRecon Team | November 5, 2024 | 8 min read

How JWTs Work

JWTs consist of a header, payload, and signature separated by dots...

The None Algorithm Attack

Some libraries accept unsigned tokens when the algorithm is set to 'none'...

Algorithm Confusion

Switching from RS256 to HS256 using the public key as a secret is a critical flaw...

Weak Secrets

JWTs signed with weak secrets can be cracked offline with hashcat...
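
A verifier-side view of the three issues above, as an added example that is not code from the original post: the expected algorithm is fixed in server configuration rather than read from the token, so an unsigned 'none' token or a token whose header names a different algorithm is rejected before any key is used, and short HMAC keys are refused. The function names and the 32-byte minimum (taken from RFC 7518's HS256 key-size requirement) are assumptions of this sketch, and it uses only the Python standard library.

```python
import base64
import hashlib
import hmac
import json

MIN_HS256_KEY_BYTES = 32  # RFC 7518 sec. 3.2: key at least as long as the hash output


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token; used here only to build constructed sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"


def pinned_parts(token: str, expected_alg: str) -> list:
    """Split the token; reject it unless its header names the pinned algorithm."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        raise ValueError("algorithm is not the one this service is configured for")
    return parts


def verify_hs256(token: str, key: bytes) -> dict:
    """Verifier for a service that only ever issues HS256 tokens."""
    if len(key) < MIN_HS256_KEY_BYTES:
        raise ValueError("HS256 key shorter than 32 bytes")
    head, body, sig = pinned_parts(token, "HS256")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):  # constant-time compare
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))
```

A service that issues RS256 tokens would call `pinned_parts(token, "RS256")` before its RSA verification, which is the step that stops an HS256-labelled token from ever reaching the key.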