3 JWAT Attacting JWT

3 JWAT Attacting JWT

Louis
louis@pentesterlab.com

JWS

used for:
OAuth
Session
manage trust
password rest
stateless

Acronyms

  • JOSE
  • JWT, JWE, JWS, JWK, JWA

signature gives you integrity, encrpytion gives you confiden

JWT Compact

  • seperated by dot .

jwt.io

  • header, payload, signature
  • start with eyj (means encrypted)

algorithm

payload

exp expiration time
nb not before
iss issue
sub subject

signature

sign (header +. + payload) +. + base 64 encode the signature
(picture)

1
2
3
4
HMACSHA256(
base64UrlEncode(header) +"." +
base64UrlEncode(payload), secret
)

verifying a JWT

  1. split the token based on dots
  2. base64 decode each part
  3. parse the json for the header and payload
  4. retrieve algorithm from the header
  5. verify the signature based on the algorithm
  6. verify the claims

Attack

the key is by-passing the sign

  • not checking the signature
  • none algorithm
  • trivial secret
  • kid injectiong (key id)
    • decode payload to get key id, by pass and sql injection through it

the None Algorithm

  1. get a token
  2. decode the header and change the algorithm to None
  3. decode and tamper with the payload
  4. keep or remove the signature
  5. profit

Trivial Secret

  • get a token
  • brute for thr secret until you get the same signature
  • tamper with the payload
  • resign the token using the secret

Recommendation (picture)

JWT is insucure in design.

  • use strong key and secrets
  • do not store them in your source code
  • make sure you have key rotation built-in
  • review the libraries you pick (KISS library)
  • make sure you checkon the signature
  • make sure your token will expire
  • enforthe the algorithm

back to the future

  • if you read some of the JWS RFC, you probably learnt about jku and x5u parameter for headers
  • peoplae are starting to use JKU (JWK url)