JSON Web Tokens (JWTs) are quickly becoming the preferred format for securely exchanging data between clients, services and intermediaries: they add little latency to authentication, need no centralized session database, are stateless by design, and come with well-established implementations that guard against tampering.
This article provides a comprehensive overview of JSON Web Tokens, how they work, and the following JWT-related attacks:
- Failing to verify the signature
- None algorithm attack
- Weak HMAC keys
- Algorithm confusion attack
- Attacks using the "jku" parameter
- Abusing the "kid" parameter
- Other miscellaneous issues
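Several of the attacks listed above share one root cause: a verifier that lets the token dictate how it is checked. The following verifier, an added example written for this article rather than code from the original, pins the algorithm to HS256 (so "none" and algorithm-confusion headers are rejected), refuses keys shorter than the 256 bits HS256 expects, and compares signatures in constant time. `DEMO_KEY` and the helper names are constructed for the demonstration only.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key for this example; not a value from the article.
DEMO_KEY = b"constructed-demo-secret-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_token(header: dict, payload: dict, signature: bytes) -> str:
    # Assembles header.payload.signature; also used to build negative test vectors.
    return "%s.%s.%s" % (b64url_encode(json.dumps(header).encode()),
                         b64url_encode(json.dumps(payload).encode()),
                         b64url_encode(signature))


def make_hs256_token(payload: dict, key: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    unsigned = encode_token(header, payload, b"")  # ends with a trailing "."
    sig = hmac.new(key, unsigned[:-1].encode(), hashlib.sha256).digest()
    return encode_token(header, payload, sig)


def verify_hs256(token: str, key: bytes) -> dict:
    """Server-side verification that never lets the token choose the algorithm."""
    if len(key) < 32:
        raise ValueError("HMAC key shorter than 256 bits; weak keys can be brute-forced")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # Pin the algorithm: honouring header["alg"] is what lets "none" and
    # algorithm-confusion headers bypass signature checking.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected = hmac.new(key, ("%s.%s" % (h, p)).encode(), hashlib.sha256).digest()
    # Constant-time comparison; an empty or forged signature fails here.
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("signature does not verify")
    return json.loads(b64url_decode(p))


def accepts(token: str, key: bytes) -> bool:
    try:
        verify_hs256(token, key)
        return True
    except ValueError:
        return False
```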
