Vulnerable JWT implementations
Article: Attacking JWT authentication.
Demo pages:
Attacks:
- Change the algorithm from HS256 to none.
- Change the algorithm from RS256 to HS256, and use the public key as the secret key for the HMAC.
- Crack the HMAC key using John the Ripper.
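
The defensive counterpart to the list above, as an added example that is not part of the original repository: a minimal HS256 verifier, standard library only, that pins the algorithm on the server side so a header of `none` or any other algorithm swap is rejected before the key is used, and that refuses HMAC keys shorter than the 256 bits RFC 7518 requires for HS256. The function names and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac, json

PINNED_ALG = "HS256"   # fixed by the server; never taken from the token header
MIN_KEY_BYTES = 32     # RFC 7518 section 3.2: HS256 keys must be >= 256 bits

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token; used here to build sample input for verify()."""
    head = b64url_encode(json.dumps({"alg": PINNED_ALG, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify(token: str, key: bytes) -> dict:
    """Return the claims, or raise ValueError if the token is not acceptable."""
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("HMAC key shorter than 256 bits")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, body_b64, sig_b64 = parts
    header = json.loads(b64url_decode(head_b64))
    # The header is untrusted input: compare it to the pinned value only.
    if not isinstance(header, dict) or header.get("alg") != PINNED_ALG:
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, not a real secret
    print(verify(sign_hs256({"sub": "alice"}, key), key))
```

A service that issues RS256 tokens applies the same pin with `RS256` as the only accepted value, so the public key is never handed to an HMAC routine.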