Home
Blogs
Bookmarks
Forums
Hackathons
Search

Author

Write
Drafts

New
Bug0 - The AI-native e2e QA regression testing Bug0 Browsers - Cloud Chromium on demand, per-minute, live preview Passmark - The open-source AI framework for regression testing Changelog Brand @hashnode on X Hashnode on LinkedIn Code of Conduct Support - hello+support@hashnode.com
Sign in
Terms Privacy Sitemap
© 2026 LinearBytes Inc.

Search Hashnode

Search posts, tags, users, and pages

Discussion on "Exploiting JWT - Lack of Signature Verification" | Hashnode

Discussion

Aditya Dixit

Security Researcher

Aug 6, 2020

Exploiting JWT - Lack of Signature Verification

TL;DRHere goes the short PoC - WebApp using JWT for authentication. Removed the signature - Signature is not being verified - Token still works. Modified and Re-encoded payload to get an Account takeover.PS: Header was untouched - "alg": "HS256" A ...

blog.dixitaditya.com3 min read

Responses

No responses yet.

Most discussed in Forum

J
My website is not working, and i want solution
36S P5d ago
V
Is Claude Better Than ChatGPT?
15J P C2d ago
B
In today's context, buy or build software?
4F J P6d ago
V
BREAK THE SYSTEM ..
13S T3d ago
K
breaking apps hackathon open router key
12I3d ago

View all threads

Recent in Forum

J
Why does stolen crypto keep moving across wallets after a scam?
47m ago
T
DDNS Outages Break More Than Websites: A Practical Backup Strategy for Developers & Homelabs
2h ago
T
I built a React component playground where you own every generated file
111h ago
M
I built LLM Aggregator: aggregate RSS feeds and summarise them with LLMs
12h ago
R
Hi, I'm Ruva
113h ago

View all threads