Cracking JWTs: A Bug Bounty Hunting Guide [Part 7]

In the seventh and final post in aiding “Cracking JWTs: A Bug Bounty Hunter’s Guide” series, Aditya Bhatt demonstrates how to obtain administrative control via JWT algorithm confusion, without needing to disclose the private key.
The flaw occurs when an application accepts an asymmetric RS256 token but tries to verify it using a symmetric HS256 process, with the consequence that the public key is treated as a secret, enabling token forgery via HMAC manipulation.
The attacker needs to capture two JWTs from different sessions, derive the public key using a known text tool, tamper with the header to change the algorithm, and use the public key as the HS256 secret to sign it again, which will now be accepted by the server as a valid administrator’s request.
PortSwigger’s “Algorithm Confusion via No Key” lab demonstrates the exploit. The solution is to implement stricter token verification and not to assume a symmetric key for an asymmetrically signed token.

Fast Feed