JWT authentication can be bypassed: security vulnerability in the OpenID Connect Authenticator for Apache Tomcat

As part of a customer project, IT security experts from ERNW Research identified a vulnerability in the OpenID Connect Authenticator for Apache Tomcat library that allows the JWT-based authentication to be bypassed with deliberately manipulated, unsigned tokens.

https://www.all-about-security.de/jwt-authentifizierung-umgehbar-sicherheitsluecke-im-openid-connect-authenticator-fuer-apache-tomcat/

#jwt #JSONWebToken #apache #apachetomcat #token

In the OpenID Connect Authenticator for Tomcat (v2.0.0–2.5.0), attackers can bypass the JWT signature check with unsigned tokens. No patch is available yet.

All About Security: the online magazine for cybersecurity. Ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security

Securing n8n webhooks: Basic, Header and JWT Auth explained (YouTube)

Ten Years of JSON Web Token (JWT) and Preparing for the Future

https://self-issued.info/?p=2708

#HackerNews #JSONWebToken #JWT #TenYears #TechTrends #FuturePreparation

Ten Years of JSON Web Token (JWT) and Preparing for the Future – Mike Jones: self-issued

Scott Arciszewski's post on How to Write a Secure JWT Library If You Absolutely Must: https://scottarc.blog/2023/09/06/how-to-write-a-secure-jwt-library-if-you-absolutely-must/

#jwt #jsonwebtoken #cryptography #jws

How to Write a Secure JWT Library If You Absolutely Must

I am famously not a fan of JSON Web Tokens (JWT). Like most cryptography and security experts familiar with JWT, I would much rather you use something else if you can. I even proposed a secure alte…

Semantically Secure

Follow the JWT (JSON Web Token) Rabbit, collect all 13 pieces, and share your badge! It’s all part of Okta’s Developer Days, taking place today and tomorrow.

#Auth0 #Okta #Identity #DigitalIdentity #authorization #authentication #online #conference #DevDay #DeveloperDay #JWT #JSONWebToken #ScavengerHunt

https://developer.auth0.com/resources/challenges

Auth0 Developer Challenges

Learn identity and security concepts by solving fun puzzles.

Here's the crate, FYI: https://github.com/JadedBlueEyes/jsonwebtoken. It's going pretty well.

Tags:
#Rust #JsonWebToken #cryptography

GitHub - JadedBlueEyes/jsonwebtoken: JWT lib in rust

JWT lib in rust. Contribute to JadedBlueEyes/jsonwebtoken development by creating an account on GitHub.

GitHub
I implemented support for RSA-PSS padding in my #JsonWebToken crate today. I feel no closer to understanding crypto at all.

Ding, dong, the CVE is dead! 

The JWT nodejs "vulnerability" from December, popularised at the start of January, has been recognised as a non-issue 🫥

I'm really glad to see it gone. Hoping we get a rash of news stories to follow up on the torrent 🌊 that followed the Unit 42 blog...

I'm not sure if its removal was down to me raising an issue on the GitHub Advisory Database to ask for it to be removed.

#jwt #cve #errata #cve_2022_23529 #auth0 #unit42 #jsonwebtoken

Why do we need the JSON Web Token (JWT) in the modern web?

Hold on tight: the HTTP protocol is terribly flawed(*) and when it comes to user authentication this problem screams loudly. For a long time we, as developers, fought with it: sometimes with good…

The Startup

The second 2023 episode of #NINAsec is online!

It covers the impact of #JsonWebToken and its vulnerability, then the #infostealers that are running their malicious campaigns in Italy too ⤵️

https://buttondown.email/ninasec/archive/bugs-in-jsonwebtoken-e-spyware-su-phishing-anche/

Bugs in JsonWebToken and spyware via phishing in Italy too

Happy Saturday and welcome back, dear cyber User. We are in the second week of 2023, but the year has certainly started with a fairly...