FixVibe

// 密钥 / 聚焦

JWT Integrity (alg confusion, weak secrets)

If your JWT verifier trusts the token's own header, it will believe whatever the attacker types.

概要

JSON Web Tokens are the standard auth-state-in-a-cookie of the 2020s, and they fail in predictable ways. The flaws aren't in the spec; they're in the verifiers, which were too forgiving for too long. The result: a small set of attacks that have worked across thousands of production codebases — alg=none, key confusion, weak secret brute-force, key-id traversal. They all boil down to the same root cause: trusting metadata that the attacker controls.

運作方式

A JWT is three base64url segments — header.payload.signature. The header includes an `alg` field declaring how the signature was computed. Older verifier libraries read `alg` and dispatch to the matching verification routine. Tell them `alg: "none"` and they'd happily accept an unsigned token. Tell them `alg: "HS256"` (symmetric HMAC) when you've previously been signing with `RS256` (asymmetric RSA), and many libraries would use your *public* key as the HMAC secret — which the attacker has, because it's public. The third path is brute force: HS256 with a weak secret like `secret`, `changeme`, or your project name is crackable in seconds.

變種

alg: none

Attacker forges a token with header `{"alg":"none"}` and an empty signature. Naive verifiers skip signature checking. Fixed in most libs by 2017 but still appears in custom verifiers.

RS256 → HS256 confusion

Token claims symmetric algorithm; verifier hands the public key to HMAC.verify as if it were a shared secret. Attacker, who has the public key, signs forgeries with it.

Weak HMAC secret

A 6-char dictionary word as the signing secret falls to GPU-accelerated cracking in under a minute. Hashcat eats these for breakfast.

kid header traversal

Tokens reference a key by `kid`. If your app reads that header and uses it as a file path or SQL parameter, the attacker can point you at a key they control.

影響范圍

A forged JWT is full impersonation. Account takeover for any user the attacker can name, role escalation by setting `admin: true` in the payload, bypass of any authorization that trusts the JWT's claims. If your JWT is the auth token for an API, the attacker is the API.

// fixvibe 檢查的內容

FixVibe 檢查的內容

FixVibe checks shipped client assets for high-confidence secret exposure signals and known credential formats. Reports identify the affected asset and rotation path. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.

铁壁防御

Pin the algorithm in your verifier — never read `alg` from the token. If you support multiple algorithms, dispatch on a server-side decision (e.g. by issuer), not on the token's self-description. Use HS256 only with a high-entropy random secret (≥32 bytes from a CSPRNG); use RS256/ES256 for anything cross-service. Rotate keys on a schedule and treat compromise as a planning exercise, not a fire drill. Validate the `aud`, `iss`, `exp`, `nbf` claims on every verification. Don't put authorization decisions inside JWT claims you re-fetch from the database; treat the token as identity, not as authority.

// 在你自己的應用上跑一遍

放心继續發布,FixVibe 持續幫你看守風险。

FixVibe 像攻击者一樣對你的應用公開面进行压力测試 —— 无代理、无安裝、无信用卡。我們持續研究新的漏洞模式,并把它們转化成实用检查和可直接用于 Cursor、Claude、Copilot 的修複方案。

密钥
39
本類别中触發的测試
模塊
5
專属 密钥 检查
每次扫描
487+
跨所有類别的测試
  • 免费 —— 无需信用卡,无需安裝,无需 Slack 通知
  • 只需粘贴 URL —— 我們爬取、探测、生成報告
  • 按严重程度分级,去重至只剩信號
  • AI-ready prompts where code applies, plus operator steps for DNS/provider fixes
運行免费扫描

// 最新检查 · 实用修複 · 安心發布

JWT Integrity (alg confusion, weak secrets) — 漏洞聚焦 | FixVibe · FixVibe