In the intricate world of cybersecurity, JSON Web Tokens (JWTs) have become a popular method for managing authentication and authorisation in web and mobile applications. While JWTs offer a streamlined way to handle user sessions and information exchange, they are not immune to security risks. At NeedSec, a leading penetration testing provider in the UK, we have explored the depths of JWT vulnerabilities and their implications. In this post, we unravel the security risks associated with JWTs and demonstrate how they can be exploited through real-life examples and walkthroughs.
Understanding JWTs and Their Importance:
JWTs are compact, URL-safe tokens used to represent claims securely between two parties. They are commonly used in Single Sign-On (SSO) scenarios and have three parts: Header, Payload, and Signature. The Header typically specifies the token type and algorithm, the Payload contains the claims, and the Signature ensures the token’s integrity.
Common Security Risks in JWTs
- Insecure Signature Algorithms: JWTs support various algorithms for signing tokens. Vulnerabilities arise when tokens use weak algorithms like ‘none’ or ‘HS256’ (HMAC using SHA-256) with a weak secret key, making them susceptible to tampering.
- Lack of Proper Validation: Failure to validate the JWT correctly can lead to multiple security issues. For instance, not verifying the ‘exp’ (expiration time) claim can result in tokens being valid indefinitely.
- Exposed Sensitive Information: Storing sensitive information in a JWT payload without proper encryption can lead to data exposure, as the payload is encoded but not encrypted.
Exploiting JWT Vulnerabilities
- The None Algorithm Hack
- In some JWT implementations, setting the algorithm in the Header to ‘none’ and removing the Signature part can sometimes lead to successful authentication.
- Real-Life Example: During an engagment, we tested a web application which failed to verify the algorithm used in the JWT. We were able to leverage this to change the Header algorithm to ‘none’, removing the need for a signature, and thereby gain access.
- Signature Stripping Attack:
- Here, the attacker intercepts a JWT and removes the signature, attempting to trick the server into accepting it as a validly signed token.
- Real-Life Example: During an engagment, we stripped the signature from a JWT, modified the Payload (e.g., changing the user role), and sent it back to the server. This was successful, allowing for privilege escalation.
- Brute Forcing the Secret Key:
- When JWTs use weak secret keys, these can be brute-forced to reveal the key, allowing an attacker to generate valid JWTs.
- Real-Life Example: Using tools like John the Ripper or Hashcat, we can brute-force a weak secret key (HS256 JWT), gaining the ability to create and sign new tokens.
- Cross-Site Scripting (XSS) and JWT Stealing:
- If a web application is vulnerable to XSS, attackers can steal JWTs stored in the browser and use them to impersonate users.
- Real-Life Example: An XSS vulnerability on a web page allowed NeedSec to inject a script that sends the user’s JWT to the our controlled server, enabling account takeover.
Mitigating JWT Security Risks
- Use Strong Signature Algorithms: Opt for robust algorithms like RS256 (RSA Signature with SHA-256) and ensure strong secret keys.
- Implement Proper Validation Checks: Always validate the token’s signature, check the ‘alg’ header to prevent algorithm tampering, and verify other claims like ‘iss’, ‘sub’, ‘aud’, and ‘exp’.
- Avoid Storing Sensitive Data: Do not store sensitive or private information in JWTs unless it is encrypted.
- Keep JWTs Secure: Store tokens securely using HTTPS, implement token expiration, and consider using refresh tokens for extended sessions.
JWTs, while efficient, carry inherent security risks that can be exploited by attackers. Understanding these vulnerabilities and how they can be leveraged in an attack is crucial for cybersecurity professionals. At NeedSec, we use our expertise in penetration testing to identify and mitigate these risks, ensuring that our clients’ applications are secure and resilient against such threats. Remember, security is not a one-time effort; it’s an ongoing process of vigilance, adaptation, and improvement.