Intro


What is JWT?

<aside> 💡

JWT stands for JSON Web Token. It is a format used for sending cryptographically signed data between systems, commonly used in authentication, access control mechanisms, and session handling.

</aside>

JWT Format

<aside> 💡

A JWT consists of three parts:

  1. Header: Base64-encoded metadata about the token itself (for example the signing algorithm)
  2. Payload: Base64-encoded "claims" about the user
  3. Signature: computed over the encoded header and payload with a secret key (HMAC) or a private key, so any change to either part invalidates it

The signing process (for an HMAC-SHA256 token) is as follows; note that JWT uses the URL-safe Base64 alphabet with the "=" padding removed:

unsignedToken = base64UrlEncode(header) + '.' + base64UrlEncode(payload)

signature_encoded = base64UrlEncode(HMAC-SHA256(secret, unsignedToken))

token = unsignedToken + '.' + signature_encoded

</aside>
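The following is an added example (not code from the original page) that implements the signing process just described with only the Python standard library, and the matching verification step that the "How to Prevent JWT Attacks" section asks for. The secret value and the claims are constructed for the demonstration; the function names sign_jwt and verify_jwt are this example's own.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding stripped at encode time, then decode."""
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def sign_jwt(payload: dict, secret: bytes) -> str:
    """Build an HS256 token: base64url(header).base64url(payload).base64url(HMAC)."""
    header = {"alg": "HS256", "typ": "JWT"}
    # separators=(",", ":") drops whitespace so the encoded form is compact
    encoded_header = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    encoded_payload = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    unsigned_token = f"{encoded_header}.{encoded_payload}"
    signature = hmac.new(secret, unsigned_token.encode(), hashlib.sha256).digest()
    return f"{unsigned_token}.{b64url_encode(signature)}"


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload only if the token is well-formed, is HS256, and the HMAC matches.

    Returns None on any failure so the caller cannot accidentally use unverified claims.
    """
    try:
        encoded_header, encoded_payload, encoded_signature = token.split(".")
        header = json.loads(b64url_decode(encoded_header))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    # Pin the algorithm on the server side; never let the token pick it.
    # This rejects "alg": "none" and algorithm-confusion tokens outright.
    if header.get("alg") != "HS256":
        return None
    unsigned_token = f"{encoded_header}.{encoded_payload}"
    expected = hmac.new(secret, unsigned_token.encode(), hashlib.sha256).digest()
    try:
        presented = b64url_decode(encoded_signature)
    except ValueError:
        return None
    # compare_digest is constant-time, so the comparison leaks nothing via timing
    if not hmac.compare_digest(expected, presented):
        return None
    return json.loads(b64url_decode(encoded_payload))


if __name__ == "__main__":
    SECRET = b"example-secret-do-not-reuse"  # constructed for the demo only
    token = sign_jwt({"sub": "alice", "role": "user"}, SECRET)
    print(token)
    print(verify_jwt(token, SECRET))  # the original claims come back

    # A payload edited after signing no longer matches the signature
    head, _, sig = token.split(".")
    edited_payload = b64url_encode(b'{"sub":"alice","role":"admin"}')
    print(verify_jwt(f"{head}.{edited_payload}.{sig}", SECRET))  # None: rejected
```

verify_jwt deliberately does the three checks in order: structure, algorithm, then signature. Decoding the payload only after the HMAC check means no claim is ever read from a token that has not been proven authentic; production code would additionally check exp, iss and aud once the payload is trusted.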


What are JWT attacks?

<aside> 💡

JWT attacks involve malicious actors modifying JWTs to achieve unauthorized goals, such as bypassing authentication or circumventing access controls.

</aside>

What is the impact of JWT attacks?

  1. Privilege escalation
  2. Cross-Site Request Forgery (CSRF) when the token is stored in cookies
  3. Session theft through Cross-Site Scripting (XSS) attacks
  4. Remote code execution (RCE) when the kid (key ID) header parameter is used unsafely to look up the signing key

How to Prevent JWT Attacks

  1. Ensure proper signature verification