JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWT is widely used technology specially for API's authentication. This PPT describes about security concerns with JWT..
2. WhoAM I?
Just a Security Enthusiast
Was Functional tester by chance..
Now, Penetration tester by choice..
I feel Shy talking about myself
3. History behind JWT?
What is JWT and it’s structure?
Security concerns with JWT
Recommendations
Agenda
4. Have you ever seen data like this??
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIi
wibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF
2QT4fwpMeJf36POk6yJV_adQssw5c
Have you observed any pattern in the above value??
5. Let’s go back to History:
HTTP is Stateless
Select queryPost /login
User=Jay&pass=xyz
200 Ok
Set-cookie:Name=Jay
Found Jay
Browser Server
GET /profile
Cookie:name=Jay
/profile
Hi Jay
6. Select query
Post /login
User=Jay&&pass=xy
200 Ok
Set-cookie:sessionid=6swe.. Set id=6swe…[]
Get /homepage
Cookie:sessionid=6swe…
Browser Server
Storage where reference s
200 ok
response
Found Jay
Id=6swe
..
7. Is there any alternative approach instead of storing user’s
state at server side??
Statelessness
which is more preferable for API’s authentication where
Authentication can be done by one server(Authentication
server) and resource can be retrieved by another
server(resource server)
Example: Any single sign on implementation
9. A JSON Web Token (JWT) is a JSON
object that is defined in RFC 7519 as a
safe way to exchange set of information
between two parties. The token is
composed of a header, a payload, and a
signature.
What it JWT??
10. Structure of JWT??
Both Header and payload are base64 encoded values not encrypted Values..
So anyone can decode header and payload values..
11. {
"alg": "HS256",
"typ": "JWT"
}
In short header says what algorithm is
being used to create signature
Header : Header part contains Meta Data
12. Claims:
{
"iss": "Identifier of our Authentication
Server",
"iat": 1504699136,
"sub": "github|353454354354353453",
"exp": 1504699256
}
Payload: Actual data to be exchanged between
two parties
13. • aud (audience): Recipient for which the JWT is intended
• iss (issuer): Issuer of the JWT
• sub (subject): Subject of the JWT (the user)
• exp (expiration time): Time after which the JWT expires
• nbf (not before time): Time before which the JWT must not be accepted
for processing
• iat (issued at time): Time at which the JWT was issued; can be used to
determine age of the JWT
• jti (JWT ID): Unique identifier; can be used to prevent the JWT from
being replayed (allows a token to be used only once)
More Claims..
18. JWT is classified based on JOSE
JWT can be implemented in Two ways
1. JWS (JSON web Signature )
2. JWE (JSON web Encryption)
To mitigate information leakage vulnerability one has to
implement JWE
19. Decode header value and change ‘alg’ value as ‘none’
and encode it again.
Since we are changing algorithm as none, no need to
have signature value.. Let’s try..
Demo time:
http://demo.sjoerdlangkemper.nl/jwtdemo/hs256.php
Check if JWT supports ‘NONE’ as
algorithm
21. What could be possible hacks??
Bruteforcing is possible
Demo time with jwt.io
In case of symmetric algorithm key strength
of secret is very crucial.
If it weak, it can be easily brute forcible
using any brute forcing tools like (John the
ripper..)
What if Symmetric alg used?
22. Demo with RS256
What if Asymmetric alg used?
What if I convert alg value from ‘RS256’ to ‘HS256’ and
What if I consider public key as secret to create a signature??
23. Question is how to get Public key..!!
openssl s_client -connect
zonksec.com:443 | openssl x509 -pubkey
-noout
Get with the help if android application
exists
Conti..
24. Possibility of authorization bypass exists if developer’s
appends payload parameters into URL parameters..
Eg: Employee id parameter in both JWT token and as URL parameter
GET /Empinfo?employeid=544123
Host: xyz.com
Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0
NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwic3NuIjoiOTIzNDQ1Njc5IiwiZ
W1wbG95ZWlkIjoiNTQ0MTIzIiwiaWF0IjoxNTE2MjM5MDAyMn0.lLX7hN
kRJzZsk_4xuzmPZwStfVe8s20caJEOqpBcrlA
Note: This scenario mayn’t come into JWT’s security bucket but possibility of security threat is there if developers
transmits parameters values in both as part of JWT and as part of URL parameters
Authorization Bypass
26. Recommended to use Asymmetric algorithm to
create signature. Incase of symmetric algorithm key
has to be shared with resource server(if multiple
resource server’s exists it would be a problem..!!)
Use an appropriate Key size
Don’t pass sensitive data as part of JWT
Always verify ‘alg’ value at server side such that it
should not contains ‘none’ as value for ‘alg’ field
Recommendations