This exercise covers the exploitation of algorithm confusion when no public key is available

< 1 Hr.
Brown Badge


This course details the exploitation of a vulnerability in JSON Web Token (JWT) used for authentication. Upon successful login, a JWT is issued in a cookie. The course explores how the application uses RSA for signing tokens and how an attacker can manipulate the algorithm to HMAC. By doing this, the public key, which is actually public, can be used to generate a valid signature, thereby bypassing the authentication mechanism.

The course guides you through the process of decoding the JWT, altering the algorithm, and changing the username to 'admin'. It also explains the JWT format and the significance of the base64-encoded header and data. Additionally, it provides resources and code to retrieve potential public keys from signed tokens. By following this exercise, you will learn how to tamper with JWTs for unauthorized access, emphasizing the importance of secure algorithm selection in authentication systems.

Want to learn more? Get started with PentesterLab Pro! GO PRO