Lua-Resty-JWT Authentication Bypass

insinuator.net

cross-posted to:
cybersecurity@sh.itjust.works

Lua-Resty-JWT Authentication Bypass

insinuator.net

Branquinho@lemmy.eco.br to

cybersecurity@infosec.pubEnglish · 2 years ago

cross-posted to:
cybersecurity@sh.itjust.works

I was writing some challenges for PacketWars at TROOPERS22. One was intended to be a JWT key confusion challenge where the public key from an RSA JWT should be recovered and used to sign a symmetric JWT. For that, I was searching for a library vulnerable to JWT key confusion by default and found lua-resty-jwt. The original repository by SkyLothar is not maintained and different from the librar ...

You must log in or # to comment.

Chat