mirror of
https://github.com/Shiva108/ai-llm-red-team-handbook.git
synced 2026-07-10 22:43:42 +02:00
docs: Improve JWT vulnerability section headings and code block formatting.
This commit is contained in:
@@ -1010,7 +1010,7 @@ JSON Web Tokens (JWT) are self-contained tokens that carry authentication and au
|
||||
|
||||
A JWT consists of three parts separated by dots:
|
||||
|
||||
```
|
||||
```text
|
||||
header.payload.signature
|
||||
```
|
||||
|
||||
@@ -1146,14 +1146,14 @@ JWTs are stateless, but you can maintain a blacklist of revoked `jti` values (in
|
||||
- Account is compromised
|
||||
- Permissions change
|
||||
|
||||
**Common JWT Vulnerabilities:**
|
||||
### Common JWT Vulnerabilities
|
||||
|
||||
**1. Algorithm Confusion (alg=none)**
|
||||
#### 1. Algorithm Confusion (alg=none)
|
||||
|
||||
- **Attack**: Change `alg` to `none`, remove signature
|
||||
- **Defense**: Always specify `algorithms` parameter in decode
|
||||
|
||||
**2. Weak Secret Keys**
|
||||
#### 2. Weak Secret Keys
|
||||
|
||||
```python
|
||||
# ❌ Bad: Easily brute-forced
|
||||
@@ -1163,7 +1163,7 @@ secret_key = "secret123"
|
||||
secret_key = secrets.token_urlsafe(64)
|
||||
```
|
||||
|
||||
**3. No Expiration**
|
||||
#### 3. No Expiration
|
||||
|
||||
```python
|
||||
# ❌ Bad: Token never expires
|
||||
@@ -1173,7 +1173,7 @@ payload = {'user_id': 123} # Missing 'exp'
|
||||
payload = {'user_id': 123, 'exp': time.time() + 3600} # 1 hour
|
||||
```
|
||||
|
||||
**4. Storing Sensitive Data**
|
||||
#### 4. Storing Sensitive Data
|
||||
|
||||
```python
|
||||
# ❌ Bad: JWT payloads are Base64-encoded, NOT encrypted
|
||||
@@ -1183,7 +1183,7 @@ payload = {'user_id': 123, 'password': 'secret123'} # Visible to anyone!
|
||||
payload = {'user_id': 123, 'permissions': ['read']}
|
||||
```
|
||||
|
||||
**5. Not Validating Claims**
|
||||
#### 5. Not Validating Claims
|
||||
|
||||
```python
|
||||
# ❌ Bad: Accept any valid JWT
|
||||
|
||||
Reference in New Issue
Block a user