Showing results for “jwt”
16 results found
-
JSON Web Token
[Exercise]This exercise covers the exploitation of a signature weakness in a JWT library.
-
JSON Web Token II
[Exercise]This exercise covers the exploitation of an issue with some implementations of JWT
-
JWT III
[Exercise]This exercise covers the exploitation of an issue in the usage of JWT token
-
JWT IV
[Exercise]This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
-
JWT V
[Exercise]This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
-
JWT VI
[Exercise]This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
-
JWT VII
[Exercise]This exercise covers the exploitation of a website using JWT for session without verifying the signature
-
JWT VIII
[Exercise]This exercise covers how to use the jku header to bypass an authentication based on JWT.
-
JWT IX
[Exercise]This exercise covers how to use the jku header to bypass an authentication based on JWT.
-
JWT X
[Exercise]This exercise covers how to use the jku header to bypass an authentication based on JWT.
-
JWT XI
[Exercise]This exercise covers how to use the jku header to bypass an authentication based on JWT.
-
JWT XII
[Exercise]This exercise covers how to use the x5u header to bypass an authentication based on JWT.
-
JSON Web Token XIII
[Exercise]This exercise covers the exploitation of algorithm confusion when no public key is available
-
CVE-2018-0114
[Exercise]This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
-
CVE-2022-21449
[Exercise]This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
-
JSON Web Token XIV: Algorithm Confusion with ECDSA
[Exercise]This exercise covers the exploitation of algorithm confusion when no public key is available with a ECDSA key