Brute-forcing secret keys
Default secret key used - the JWT HS256 secret value is “secret”
Signing a new token with the “none” algorithm
Changing the signing algorithm of the token (for fuzzing purposes)
Re-signing an asymmetrically signed token with its matching symmetric algorithm (when you have the original public key)
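
The verifier-side counterpart to the items listed above, as an added example that is not part of the original page: a minimal HS256 verifier that pins the algorithm, rejects unsigned tokens, and refuses default or PEM-shaped secrets. The deny-list contents, the 32-byte minimum and all function names are assumptions of this example.

```python
import base64, hashlib, hmac, json

# Constructed deny-list of common default secrets (assumption; extend for your stack).
WEAK_SECRETS = {b"", b"secret", b"password", b"changeme"}
MIN_SECRET_BYTES = 32  # assumption: at least the SHA-256 output size

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_secret(secret: bytes) -> None:
    # Default or short secrets are what offline guessing recovers first.
    if secret in WEAK_SECRETS or len(secret) < MIN_SECRET_BYTES:
        raise ValueError("weak or default HMAC secret")
    # A public key is not a secret: never accept PEM material as an HMAC key.
    if b"-----BEGIN" in secret:
        raise ValueError("PEM material must not be used as an HMAC secret")

def sign_hs256(claims: dict, secret: bytes) -> str:
    check_secret(secret)
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, secret: bytes) -> dict:
    check_secret(secret)
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("malformed or unsigned token")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm on the server; the token header never chooses it.
    # This rejects "none" and any other substituted alg value.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    # Constant-time comparison of the recomputed MAC against the presented one.
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))
```
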