Black & White Path
Jun 26, 2026 · Information Security
Step‑by‑Step Guide to Exploiting JWT Vulnerabilities
This article dissects common JWT weaknesses—including the None algorithm, missing signature verification, algorithm/key confusion, CVE‑2018‑0114 parsing bugs, kid‑parameter injection, and weak‑key brute‑forcing—showing how attackers manipulate tokens and offering concrete code‑level demonstrations.
CVE-2018-0114JWTNone algorithm
0 likes · 10 min read
