2 Videos for JSON Web Token None Algorithm
This video requires PentesterLab PRO
JWT: Introduction
In this exercise, we cover a vulnerability in JSON Web Token (JWT) discovered by Tim McLean in March 2015. This vulnerability is easy to exploit and highlights a fundamental design flaw in JWT.
JWT: Exploitation
In this exercise, we tamper with a JSON Web Token (JWT) to gain admin access in an application. By using Burp Suite to intercept and modify HTTP traffic, we exploit a vulnerability in the JWT library that allows us to bypass authentication.