JWT Tokens and Signature Bypass

JSON Web Tokens (JWT)

Definition:

JWT is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object and can be digitally signed or MACed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

JWT Structure:

A JWT typically looks like xxxx.yyyy.zzzz and is divided into three parts:

Header: Describes the type and the algorithm used.
Payload: Contains the claims and additional data.
Signature: To verify if the message wasn't changed along the way.

Insecure JWT Implementation:

One of the common vulnerabilities with JWTs arises when the alg (algorithm) header is changed from a cryptographic algorithm to none, and the application accepts it. This means the token will have no signature, allowing anyone to craft tokens.

Example:

Given a JWT with header:

json

{
  "alg": "HS256",
  "typ": "JWT"
}

An attacker might change "alg": "HS256" to "alg": "none" and remove the signature, potentially tricking the server into accepting an unsigned token.

Secure JWT Implementation:

To secure the JWT implementation:

Algorithm: Always explicitly verify the algorithm used for the token and never trust the algorithm declared in the token header.
Secret Key: Use a strong, unique secret key for HMAC or use a robust public/private key pair for RSA/ECDSA. Never expose the secret or private key.
Expiration: Always set an expiration for your tokens (exp claim) to ensure they're not valid indefinitely.
Libraries: Use well-maintained JWT libraries like jsonwebtoken for Node.js, pyjwt for Python, etc.
Avoid Sensitive Data: Don't store sensitive data in the payload unless it's encrypted, as it can be decoded easily.
Check Audience and Issuer: Use the aud and iss claims and validate them to ensure the token was intended for your application.
Reject None Algorithm: Ensure that your JWT processing library or your own code doesn't accept tokens with the none algorithm unless intended.

Code Examples:

Insecure JWT Verification (pseudo-code):

python

def verify_jwt(token, secret):
    header, payload, signature = token.split('.')
    if decode(header)["alg"] == "none" or verify_signature(token, secret):
        return payload
    return None

This is insecure because it accepts tokens with the none algorithm without a signature.

Secure JWT Verification (pseudo-code):

python

def verify_jwt(token, secret):
    header, payload, signature = token.split('.')
    if decode(header)["alg"] != "HS256":
        raise Exception("Invalid algorithm")
    if not verify_signature(token, secret):
        raise Exception("Invalid signature")
    return payload

This ensures that only tokens with the HS256 algorithm and a valid signature are accepted.

Conclusion:

JWTs offer a compact and efficient means to transfer data between parties. However, their implementation can be prone to vulnerabilities if not handled correctly. Proper validation, strong keys, and relying on well-established libraries are vital to using JWT securely.

PreviousInsecure Direct Object Reference NextOWASP Top 10

Last updated 2 years ago