Hacking JSON Web Tokens

Understand common methods attackers use to hack JSON Web Tokens, including brute force attacks, algorithm manipulation, and misconfigurations. This lesson helps you recognize risks and implement precautions to protect JWT integrity and secure your web applications.

At this point, we have discussed the ins and outs of JWTs. We have seen how they are generated and validated, and how their keys are managed. We have also discussed what would happen if an attacker steals our JWT. But there is one thing we have not discussed yet: is it possible for an attacker to create a JWT (without knowing your secret key or private key) and make you believe that it is a valid token?

In other words, is it possible for an attacker to change the data within a token, and have it still be validated by our server? Unfortunately, there are some ways through which an attacker can do ...