CVE-2018-0114

An attacker embeds a new key in the token header, and the server uses that attacker-supplied key to verify the signature (CVE-2018-0114).

This can be done with the "JSON Web Tokens" Burp extension: send the request to the Repeater, select "CVE-2018-0114" inside the JSON Web Token tab, and send the request.

Using jwt_tool

python3 jwt_tool.py [JWT_HERE] -X i
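
On the verifying side, the mitigation is to take keys only from a server-side store and to refuse any token whose header carries key material. The block below is an added example, not code from the original page or from any library it mentions; `verifyPinned`, `makeToken`, the key id `k1` and the ES256-only policy are assumptions, and both key pairs are constructed sample input.

```javascript
const crypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const KEY_HEADERS = ['jwk', 'jku', 'x5c', 'x5u']; // header fields that carry or point to a key

// Verify an ES256 token against a server-side key store; the token never supplies its own key.
function verifyPinned(token, trustedKeys) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (header === null || typeof header !== 'object') return { ok: false, reason: 'malformed' };
  // Reject embedded or referenced keys before any signature check is attempted.
  const found = KEY_HEADERS.filter((h) => h in header);
  if (found.length) return { ok: false, reason: `key material in header: ${found.join(',')}` };
  if (header.alg !== 'ES256') return { ok: false, reason: 'unexpected alg' };
  const key = trustedKeys.get(header.kid); // kid only selects among keys we already trust
  if (!key) return { ok: false, reason: 'unknown kid' };
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  return { ok: true, claims: JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8')) };
}

// Constructed sample input: one trusted key pair and one the server has never seen.
const server = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const other = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const TRUSTED = new Map([['k1', server.publicKey]]);

// Test helper (hypothetical): builds a signed compact token for the checks below.
function makeToken(header, claims, privateKey) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}

const good = makeToken({ alg: 'ES256', kid: 'k1' }, { sub: 'alice' }, server.privateKey);
// Token of the kind described above: its header carries the key it was signed with.
const embedded = makeToken({ alg: 'ES256', jwk: other.publicKey.export({ format: 'jwk' }) },
  { sub: 'admin' }, other.privateKey);

console.log(verifyPinned(good, TRUSTED));
console.log(verifyPinned(embedded, TRUSTED));
```

The same header check can run as a log or gateway rule: a `jwk`, `jku`, `x5c` or `x5u` field in an inbound token header is worth alerting on when the application never issues tokens that contain one.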
