Topics Covered
- What are JWT Tokens?
- What is the structure of JWT Tokens?
- How Attackers Use It To Bypass Authentication?
- How to Mitigate JWT Token Attacks?
What are JWT Tokens?
JSON Web Token (JWT) is a self-contained method for securely transferring data between parties. The information is digitally signed, which makes it verifiable and trustworthy. A JWT is signed either with a shared secret key (HMAC) or with an RSA or ECDSA public/private key pair, and a JWT whose signature has been verified can be used to validate the data it carries. A JWT is created by the server and sent to the client after login, where it is stored in a cookie or other local storage. The client sends the JWT back to the server in the Authorization header of subsequent requests. The server then verifies the signature, extracts the data from the payload, and decides whether the user is permitted to carry out the requested action.
Let’s look briefly at the history of RSA and ECDSA.
RSA is a public-key algorithm that is widely used for secure communication and authentication. It was invented by Ron Rivest, Adi Shamir, and Leonard Adleman in 1977 and is named after their surnames. The security of RSA is based on the difficulty of factoring the product of two large prime numbers: the private key is derived from two large primes that must be kept secret, and RSA relies on the fact that it is very difficult to recover those primes from their product.
Elliptic Curve Digital Signature Algorithm (ECDSA) is a digital signature algorithm based on elliptic-curve cryptography. It is used for secure communication and authentication in numerous applications, including cryptocurrencies, digital certificates, and encrypted messaging.
What is the structure of JWT Tokens?
As shown in the image above, a JWT has three parts. Let's discuss each of them in detail.
- Header
The header contains details about the token, such as which signing algorithm is used and the type of token.
- Payload
The payload contains the claims about the user, for example the username or user ID. Note that the payload is only base64url-encoded, not encrypted, so anyone who holds the token can read it; secrets such as passwords must not be placed there.
- Signature
The signature is computed over the header and payload using the key, so any tampering with the data between sender and receiver is detected when the signature is verified.
Let's see how an encoded token looks (the three parts are separated by dots):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkhBQ0tMSURPIiwiaWF0IjoxMTIyMzM0NDU1fQ.8cb2vhyq_PhO8Kq14s2qbaTo8Wlou3emcm6iTs9Up14
Let's break down the above token:
Header: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
Payload: eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkhBQ0tMSURPIiwiaWF0IjoxMTIyMzM0NDU1fQ
Signature: 8cb2vhyq_PhO8Kq14s2qbaTo8Wlou3emcm6iTs9Up14
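To make the three-part structure concrete, here is an added Python example (not code from the original post) that splits the token shown above and decodes its header and payload; the b64url_decode and split_jwt names are my own. Only the first two parts are JSON; the third is raw MAC bytes and is left as bytes.

```python
import base64
import json

# The encoded token from the post above: base64url(header).base64url(payload).base64url(signature)
TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
    ".eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkhBQ0tMSURPIiwiaWF0IjoxMTIyMzM0NDU1fQ"
    ".8cb2vhyq_PhO8Kq14s2qbaTo8Wlou3emcm6iTs9Up14"
)


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment. JWTs strip the '=' padding, so restore it first."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def split_jwt(token: str) -> dict:
    """Split a compact JWT into its three parts without verifying anything.

    Decoding is NOT verification: the header and payload are plain base64url,
    so any holder of the token can read them. Signature checking is a separate step.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT must have exactly three dot-separated parts")
    header_b64, payload_b64, signature_b64 = parts
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "payload": json.loads(b64url_decode(payload_b64)),
        "signature": b64url_decode(signature_b64),  # raw HMAC bytes, not text
    }


if __name__ == "__main__":
    decoded = split_jwt(TOKEN)
    print("header   :", json.dumps(decoded["header"]))
    print("payload  :", json.dumps(decoded["payload"]))
    print("signature:", decoded["signature"].hex(), "(%d bytes)" % len(decoded["signature"]))
```

Running it shows that the header is {"alg":"HS256","typ":"JWT"} and the payload is {"sub":"1234567890","name":"HACKLIDO","iat":1122334455}; the 32-byte signature can only be checked by whoever holds the HS256 secret.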
How Attackers Bypass JWT Authentication?
There are many methods to bypass JWT authentication. Let's see a few examples:
JWT injection:
Attackers can change a JWT's contents to get around authentication, much like changing a user ID in a request to gain admin access on a particular website; this works whenever the server trusts the payload without verifying the signature.
Token theft:
A JWT can be stolen from an authorised user and used by attackers to impersonate them. Cross-site scripting (XSS), man-in-the-middle (MITM) attacks, or phishing can be used to do this.
Ignoring signature validation:
If signature validation is not implemented correctly, attackers can produce a forged token, for example by changing the token's signature or its declared algorithm and exploiting a vulnerability in the JWT library or the signature-validation code so that the signature is never actually verified.
Replay attacks:
Attackers can repeatedly access critical resources by reusing a captured JWT for as long as it remains valid.
How to Mitigate JWT Token Attacks?
There are server-side ways to mitigate JWT token attacks. Let's talk about them.
- Use strong and unique secret keys to sign JWTs; these keys should be long and randomly generated.
- Implement proper validation: verify the signature of every token before accepting it, so that a tampered token is rejected, and let the server decide which signing algorithm is acceptable rather than trusting the algorithm named in the token header.
- Use session management to implement token expiration and revocation after a set period of time, which limits how long a stolen or replayed token stays usable.
- Rate-limiting helps prevent an attacker from trying passwords an unlimited number of times.
- Use HTTPS (Hyper Text Transfer Protocol Secure) so that tokens sent to the server are encrypted in transit and can't be leaked between the client and server.
- Use multi-factor authentication, so that a stolen password alone is not enough to obtain a valid token.
- Ensure that JWT libraries and dependencies are up to date and that any known vulnerabilities are addressed.
By taking these measures, you can improve the security of your website's authentication and reduce the risk of attacks.
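The following is an added example, not code from the original post: a minimal HS256 signer plus a verifier that applies the mitigations above (server-side algorithm allow-list that rejects "alg": "none", constant-time signature comparison, and an exp check), exercised against the JWT injection, signature-bypass and replay cases described earlier. SECRET, ALLOWED_ALGS, the fixed clock and all function names are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret. A real key should be 32+ random bytes from a CSPRNG
# (for example secrets.token_bytes(32)) and must never be committed to source control.
SECRET = b"constructed-demo-secret-do-not-reuse"

# Server-side allow-list: the server, not the token header, decides which algorithm is valid.
ALLOWED_ALGS = {"HS256"}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint a compact JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify(token: str, secret: bytes, now: float = None) -> dict:
    """Return the payload only if every check passes; raise ValueError otherwise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Reject "none" and any algorithm outside the allow-list BEFORE touching the
    # signature; this closes the signature-bypass cases described in the post.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed: %r" % header.get("alg"))
    expected = hmac.new(secret, ("%s.%s" % (header_b64, payload_b64)).encode("ascii"),
                        hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    payload = json.loads(b64url_decode(payload_b64))
    # Expiration: a stolen or replayed token stops working once exp has passed.
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired or missing exp")
    return payload


def try_verify(token: str, secret: bytes, now: float) -> str:
    """Wrap verify() so the outcome is a plain string that is easy to log or assert on."""
    try:
        verify(token, secret, now)
        return "accepted"
    except ValueError as err:
        return "rejected: %s" % err


def tampered_copy(token: str, changes: dict) -> str:
    """Test vector for the JWT-injection case: edit the payload, keep the old signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload.update(changes)
    new_payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return "%s.%s.%s" % (header_b64, new_payload_b64, sig_b64)


def alg_none_copy(token: str) -> str:
    """Test vector for the signature-bypass case: header says alg=none, signature left empty."""
    _, payload_b64, _ = token.split(".")
    header_b64 = b64url_encode(b'{"alg":"none","typ":"JWT"}')
    return "%s.%s." % (header_b64, payload_b64)


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the demo is deterministic
    token = sign_hs256({"sub": "1234567890", "role": "user", "exp": now + 600}, SECRET)
    print("genuine      ->", try_verify(token, SECRET, now))
    print("role=admin   ->", try_verify(tampered_copy(token, {"role": "admin"}), SECRET, now))
    print("alg=none     ->", try_verify(alg_none_copy(token), SECRET, now))
    print("wrong secret ->", try_verify(token, b"guess", now))
    print("after expiry ->", try_verify(token, SECRET, now + 601))
```

Only the genuine token within its lifetime is accepted; the edited payload and the wrong secret fail the constant-time MAC comparison, the alg=none token is refused before any signature logic runs, and the replayed token is refused once exp has passed. A production library adds checks this sketch omits (aud, iss, nbf, key rotation via kid), but the order of decisions, algorithm first, then signature, then claims, is the part worth copying.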
Hope you liked the blog and learned along. Let me know if you have any doubts.
Twitter handle: Kartik Gohil
Thanks Guys!