Posted by Paragon Initiative Enterprises Security Team on Aug 13

__Background__

Once upon a time, the Auth0 team demonstrated several attacks against JWT
libraries that are still found to this day. You can read about their
research here:
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/

Or for a more fun spin on the issue, you can just check
https://www.howmanydayssinceajwtalgnonevuln.com

The two issues that were identified there were alg=none and substituting
HMAC over an…


August 13th, 2021