EdDSA vulnerability in Monocypher

This exercise covers the exploitation of a vulnerability impacting Monocypher.

1-2 Hrs.
Brown Badge


In this lab, we examine a vulnerability in the Monocypher library that affects its EdDSA implementation, as detailed in an advisory. The vulnerability allows an attacker to forge a JWT signature and bypass the authentication mechanism. The attack involves creating a JWT that carries a signature of all zeroes, which exploits the flawed implementation.

Through a series of steps, including registering a user, modifying the JWT payload, and generating a valid signature using 64 NULL bytes, the attacker can gain admin privileges. This lab highlights the significance of understanding cryptographic flaws and demonstrates a methodical approach to exploiting such vulnerabilities. By following the provided instructions, participants will learn to effectively manipulate JWTs and understand the implications of cryptographic weaknesses.
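
A defence-in-depth screen for the condition described above, as an added example that is not part of the lab or of Monocypher: it rejects compact JWTs whose EdDSA signature is not exactly 64 bytes or is all zeroes, before the token reaches the signature verifier. The function names and sample tokens are constructed for illustration.

```python
import base64
import json

ED25519_SIG_LEN = 64  # an Ed25519 signature is R (32 bytes) || S (32 bytes)


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def screen_eddsa_jwt(token: str) -> str:
    """Return 'ok' or a rejection reason for a compact JWT.

    This is a pre-filter only: a token that returns 'ok' still has to
    pass real signature verification.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed: expected header.payload.signature"
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except (ValueError, UnicodeDecodeError):
        return "malformed: undecodable segment"
    if not isinstance(header, dict) or header.get("alg") != "EdDSA":
        return "rejected: unexpected alg"
    if len(signature) != ED25519_SIG_LEN:
        return "rejected: signature is not 64 bytes"
    if not any(signature):
        return "rejected: all-zero signature"
    return "ok"


def make_sample(signature: bytes) -> str:
    """Build a constructed test token around the given signature bytes."""
    header = b64url_encode(json.dumps({"alg": "EdDSA", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": "test-user"}).encode())
    return f"{header}.{payload}.{b64url_encode(signature)}"


if __name__ == "__main__":
    for name, sig in [("zero", bytes(64)), ("short", bytes(10)),
                      ("nonzero", bytes(range(1, 65)))]:
        print(name, "->", screen_eddsa_jwt(make_sample(sig)))
```

A rejection from this screen is also worth logging as a detection signal, since a legitimate signer does not produce an all-zero signature in practice.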
