Topics tagged under "webappsec"

The digital town square for the concert band community.

Connect with local ensembles, trade repertoire insights, and keep the pulse of the wind band world.

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

R

🔓 Weak JWT secrets are still happening in production in 2024.
Watching Ignoring Scheduled Pinned Locked Moved World jwt webappsec pentesting
1

0 Votes

1 Posts

0 Views

R

Weak JWT secrets are still happening in production in 2024.If your target uses JWT, try:1. Decode at jwt.io — check algo & claims2. Change algo to "none" → send without signature3. Brute force the secret using hashcat:hashcat -a 0 -m 16500 <jwt> /wordlistTool: jwt_tool by ticarpi — supports many JWT attack vectors at once.You'll be surprised how many still use the secret "password" or "secret123".#jwt #webappsec #pentesting

🔓 Weak JWT secrets are still happening in production in 2024.