Tag: cracking JSON Web Tokens

jwt_tool: A toolkit for testing, tweaking and cracking JSON Web Tokens
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens).

Its functionality includes:

- Checking the validity of a token
- Testing for known exploits:
  - (CVE-2015-2951) The alg=none signature-bypass vulnerability
  - (CVE-2016-10555) The RS/HS256 public key mismatch vulnerability
  - (CVE-2018-0114) Key injection vulnerability
  - (CVE-2019-20933/CVE-2020-28637) Blank password vulnerability
  - (CVE-2020-28042) Null signature vulnerability
- Scanning for misconfigurations or known weaknesses
- Fuzzing claim values to…