Code Review 03

This exercise is one of our challenges to help you learn how to review real source code

2-4 Hrs.


In this challenge, participants are tasked with reviewing the source code of a JSON Web Token (JWT) verifier that supports the JSON Key URL (`jku`). The main focus of the challenge is to identify a logic bug within the verifier, rather than exploiting common vulnerabilities like bypassing the signature mechanism.

You will be provided with full control over the token and its attributes, and your objective is to pinpoint the exact location of the vulnerability in the code. By carefully analyzing the source code, you will need to submit the specific file path and line number where the weakness is found. This exercise underlines the importance of thorough code review in identifying potential security flaws that may have significant impacts.

Want to learn more? Get started with PentesterLab Pro! GO PRO