JWT Algorithm Confusion with ECDSA Public Key Recovery

This exercise covers the exploitation of algorithm confusion with an ECDSA key when no public key is available.

PRO Hard 1-2 Hrs. 38
Course

This course details the exploitation of a weakness in JSON Web Tokens (JWT) used for authentication. The lab demonstrates how to manipulate the algorithm used for signing JWTs to gain unauthorized access.

Skills covered
Injection, Authentication, Cryptography
Topics
JWT
Included with PRO
Full course content 4 videos
