Three New Attacks Against JSON Web Tokens
JSON Web Tokens (JWTs) have become omnipresent tools for web authentication, session management and identity federation. However, some have criticized JWT and associated Javascript Object Signing and Encryption (JOSE) standards for cryptographic design flaws and dangerous levels of unnecessary complexity. These have arguably led to severe vulnerabilities such as the well-known “alg“:“none“ attack....
By: Tom Tervoort
Full Abstract and Presentation Materials: #three-new-attacks-against-json-web-tokens-31695
3 weeks ago 00:24:28 1
1 month ago 00:06:02 1
2 months ago 00:01:06 2
2 months ago 00:00:31 2
2 months ago 00:54:39 1
2 months ago 00:38:56 2
3 months ago 00:01:24 2
3 months ago 00:02:01 1
3 months ago 00:04:15 1
3 months ago 00:08:36 1
3 months ago 01:28:19 44
3 months ago 00:03:11 1
3 months ago 00:50:41 3
3 months ago 01:16:00 9
3 months ago 00:03:51 1
3 months ago 00:10:44 1
3 months ago 00:01:16 1
3 months ago 01:41:54 1
3 months ago 00:04:02 1
3 months ago 00:04:43 37
3 months ago 00:03:21 1
3 months ago 00:02:06 1
3 months ago 00:11:05 1
4 months ago 00:13:37 1
