JWT Security Vulnerabilities and Protection

JWT Security Vulnerabilities and Protection

Description
JWT (JSON Web Token) is an open standard (RFC 7519) for authentication and authorization, consisting of three parts: Header, Payload, and Signature. Common vulnerabilities include missing signature verification, algorithm confusion, sensitive information leakage, key brute-forcing, etc. Attackers may exploit these vulnerabilities to forge tokens, escalate privileges, or steal data.

Solution Process

  1. Understanding JWT Structure

    • Header: Contains token type (e.g., "JWT") and signing algorithm (e.g., HS256, RS256). Example: 
      {"alg": "HS256", "typ": "JWT"}
    • Payload: Stores user information (e.g., user ID, role) and standard claims (e.g., expiration time). Example: 
      {"sub": "123", "role": "admin", "exp": 1630000000}
    • Signature: Signs the Base64-encoded header and payload to ensure token integrity. Formula:
      Signature = HMACSHA256(Base64(Header) + "." + Base64(Payload), Secret Key)

  2. Common Vulnerabilities and Attack Methods

    • Vulnerability 1: Missing Signature Verification

      • Issue: The server does not verify the JWT signature and directly trusts the decoded data.
      • Attack: Modify the payload (e.g., change "role": "user" to "role": "admin"), then reassemble the token to bypass permission checks.
      • Example: Original token Header.Payload.Signature → Tampered to Header.ModifiedPayload.(arbitrary string).

    • Vulnerability 2: Algorithm Confusion Attack

      • Issue: The server relies on the alg parameter in the JWT header to select the verification algorithm but does not enforce strict algorithm restrictions.
      • Attack:
        1. Change alg to none (if supported) and remove the signature part (e.g., Header.Payload.).
        2. Change an asymmetric algorithm (e.g., RS256) to a symmetric algorithm (e.g., HS256) and forge the signature using the public key as the secret key (since the server may misuse the public key to verify HS256 signatures).
      • Key Point: The attacker needs to obtain the server's public key (often exposed through public APIs).

    • Vulnerability 3: Sensitive Information Leakage

      • Issue: The JWT payload is only Base64-encoded (not encrypted) and can be directly decoded and viewed.
      • Attack: Decode the payload via Base64 to obtain sensitive information (e.g., passwords, key IDs).
      • Example: Decode payload eyJzdWIiOiIxMjMifQ using an online tool → {"sub": "123"}.

    • Vulnerability 4: Weak Keys or Key Brute-Forcing

      • Issue: Using weak keys (e.g., "secret") or short keys makes them vulnerable to brute-force attacks.
      • Attack: Use common key lists (e.g., with John the Ripper) to attempt signature verification.

  3. Protection Measures

    • Enforce Signature Verification: The server must verify the signature and reject tokens without a signature or with invalid signatures.
    • Fix the Algorithm: Enforce a specific verification algorithm in the code (e.g., only allow RS256), ignoring the alg parameter in the JWT header. 
      # Bad Example: Relying on client-submitted alg
decoded = jwt.decode(token, key, algorithms=["HS256", "RS256"])
# Good Example: Fixed algorithm
decoded = jwt.decode(token, key, algorithms=["RS256"])
    • Avoid Storing Sensitive Information: Store only necessary information (e.g., user ID) in the payload; keep sensitive data on the server.
    • Use Strong Keys: Symmetric keys (HS256) must be sufficiently long (≥256 bits); asymmetric algorithm (RS256) private keys must be kept strictly confidential.
    • Additional Protections:
      • Set short expiration times (e.g., 15 minutes).
      • Use a blacklist mechanism to revoke tokens.
      • Validate standard claims (e.g., exp, iss).

  4. Practical Detection Steps

    • Step 1: Decode the JWT header and payload using Base64 to check for sensitive information.
    • Step 2: Modify the payload content and send a request to observe if it is rejected (to verify signature validation).
    • Step 3: Attempt to change alg to none or HS256 and re-sign the token using the public key.
    • Step 4: Use scanning tools (e.g., jwt_tool, Burp Suite JWT Editor plugin).

Through the above analysis, JWT-related vulnerabilities can be systematically identified and defended against to ensure the security of the authentication mechanism.