Published: 31/05/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 358

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and previous versions, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jwt-simple project jwt-simple

Explore and learn about JWT vulnerabilities through hands-on security labs. Perfect for cybersecurity enthusiasts, developers, and learners!

JWT Hacking Lab 🛠️ Welcome to the JWT Hacking Lab! This project is a fantastic hands-on playground designed to help you dig deep into the world of JSON Web Token (JWT) security 😎 🚀 Labs and Learning Objectives 🎯 Our labs, each focusing on a specific JWT-related vulnerability, are as follows: Secrets Under the Rug: Exploiting Weak HMAC Secrets 🤫: This lab tea

Powershell JWT module

Powershell JWT module Description Create, validate and decode JWT in PowerShell easily Supported algorithms: Symmetric Key HS256 HS384 HS512 Asymmetric Key RS256 RS384 RS512 Install This module is published on the PowerShell Gallery To install it, you can run the following command: Install-Module powershell-jwt To update an instal

Exploiting the CVE-2016-10555

jwtToken-CVE-2016-10555 Exploiting the CVE-2016-10555 Tried to use the jwt_tool located here but ran into some issues: githubcom/ticarpi/jwt_tool The code uploaded was taken from the above to accomplish what I needed Was working with Mutillidae and needed to manipulate the JWT token Created the jwtMutillidaepy to conduct the UserID manipulation

JWTexploit JWTexploit is a script that takes a JWT in entry, modifies its signature to HS256 and signs it with the public key of the domain given More information about the exploit here : nvdnistgov/vuln/detail/CVE-2016-10555 Usage python3 JWTexploit -h HOSTNAME -j JWT Example: python3 JWTexploit -h examplecom -j eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9eyJzdWIiOiIxMjM0

Change the algorithm RS256(asymmetric) to HS256(symmetric) - POC (CVE-2016-10555)

Change the algorithm RS256(asymmetric) to HS256(symmetric) - POC (CVE-2016-10555) The algorithm HS256 uses the secret key to sign and verify each message The algorithm RS256 uses the private key to sign the message and uses the public key for authentication If you change the algorithm from RS256 to HS256, the back end code uses the public key as the secret key and then uses t

HTB-Under-Construction Vào dịp cuối năm trong lúc mọi người đang bận rộn dọn dẹp nhà cửa, sắp sửa đồ mới đón tết thì mình nhận được một challenge HackTheBox ở mức medium từ một người anh vừa mới quen qua một nhóm học tập trên facebook Challenge này cho m&

CWE-310 https://nodesecurity.io/advisories/87 https://github.com/hokaccha/node-jwt-simple/pull/16 https://github.com/hokaccha/node-jwt-simple/pull/14 https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/https://nvd.nist.gov https://github.com/mxcezl/JWT-SecLabs

CVE-2016-10555

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect