JWT (JSON Web Token) Attacks
JWTs are widely used for authentication. A token consists of three base64url-encoded parts joined by dots: Header.Payload.Signature. If the server does not validate the signature correctly, an attacker can forge tokens and impersonate any user, including admins.
JWT Token

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.SflKxwRJSMeKKF2QT4fwpMeJf36POk

Header . Payload . Signature
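As an added example (not part of the original page), here is a minimal HS256 verifier using only Python's standard library. It shows the checks a server must perform before trusting any claim: the algorithm is pinned server-side rather than taken from the header (so "alg": "none" or a switched algorithm is rejected), the signature is compared in constant time, and exp is mandatory. The key and tokens used are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Mint an HS256 token (used here to build constructed sample inputs)."""
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode())
        for p in (header, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None.

    The server decides the algorithm; the header's 'alg' is only checked for
    agreement, so 'none' or any other algorithm is refused outright.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        presented = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token: wrong segment count, bad base64, bad JSON
    if header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison; an empty or truncated signature fails here.
    if not hmac.compare_digest(expected, presented):
        return None
    exp = payload.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # a missing or expired 'exp' is rejected, not tolerated
    return payload
```

Only claims returned by verify_hs256 should ever be used for authorization decisions; reading role from an unverified payload is exactly the mistake the attack exploits.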