Yeah, as he said at 4:42

What "verifying" means here is, - Decrypt the signature from the JWT which gives Hash(Header + Payload). Let's call this H1 - Compute a new hash by appending Header + Payload from the JWT. Let's call this H2 - Compare H1 and H2 and verify they match. So, technically it is "decrypting". Although, on a broader scope - I agree it would be more appropriate to call it "verifying" the signature.

Thanks a lot

Thx

Thanks

yasss.. when there are RBAC based actions.. but most of them rely on the token itself.. without querying db for every new req..

So just a validation can prevent it

@@Param3021 verify signature.. and only issue RS256 tokens..

it's not just about roles, many servers store user id as sub to identify which user is making the requests. If you can change that you can essentially use someone else's account

​@@phaneendhraajaythota1025and why would you do that?

That's what i thought, He created a problem and gave a solution xD

@emax75 actually he didn't create that problem he is actually using a website for learning purpose which is just like a mission to hack and punish the developer mistake

why it is fail ? Add I do not think developers use role parameter with JWT. Instead use database and check it is good idea.

You should not confuse "RSA signing" and "RSA encryption". They both use the same underlying RSA algorithm but they serve different purposes. JWT use RSA in signing mode, not in encryption mode. In the RSA signing scheme, the private key is used to sign the message, the public key is used to verify the message. > PS and why not just use HS256 The reason you would prefer RS256 over HS256 is because HS256 uses HMAC which is a symmetric signing algorithm. This means that both signers and verifiers needs to know the same secret to respectively sign and verify. This means that you need to pre-share the secret between signer and verifiers (or come up with a key exchange procedure, which is probably a bad idea to implement yourself.) Honestly, I can't really see a reason to pick HS256 over RS256, but maybe someone will be able to elaborate on why you would want to use it.

@@jean-naymar602 for example, for the web, JWT is used to authenticate the user, if he makes a request to the site, then the cookies will contain JWT, which has information about the user, but still the JWT is always checked by the server, not the user, there is no point in first checking JWT on the client side (not safe) and then on the server side (takes 2 times longer)

@@jean-naymar602 ""I can't really see a reason to pick HS256 over RS256, but maybe someone " what you said is true reason why is performance (due to all exponentiation and modulus calculations) in ssh for example we gen tokens for our employees in HS265 cuz RS256 for our on-premise uses a lot of computation power .. and we run a lot of commands over ssh (during docker-compose for dev, terraform, when getting anything from the registry like npm or pip or docker, running a workflow/ephermial env to do some CI...etc etc) so we actually gen the key locally then copy past it to the server (all this within premise, so nothing really leaves the company network) and we use that on our own password manager (also on-premise)

Then why use JWT and not sessions?

@@mrlectus Absolutely! Sessions and cookies should be used for stateful sessions. Saving JWT token defeats their purpose.

> Storing JWTs in a database So sessions with extra steps.

what the shit is going on your head. storing jwt in db???

Another victim of youtubers with their "why you should use Jwt" videos

as a backend dev you should know already tbh its just a frontend thing unless the backend is an open api with 0 permission checks every request requiring permissions those permissions need to be checked

@@dogefluvial7697 depending on what you said l won't face this vulnerability if I specified the premissions and used the honeypot so it's more simple than I expected

Prob just by using frameworks from 2024

You should be safe from this kind of attack in almost all modern JWT libraries. Ignore the fool that say to check the permission before accessing an API route, they clearly either have not worked with JWT before to know how JWT is actually utilized to authorize users' actions or they completely missed the mark on the point of a JWT algorithm confusion attack.

don't watch this channel

Asymmetric Encryption vs. Signing 1. Asymmetric Encryption: In traditional asymmetric encryption, you encrypt a message with a public key and decrypt it with a private key. This ensures confidentiality. 2. Digital Signatures: When you sign data (like a JWT), you create a hash of the data and then encrypt that hash with your private key. This process doesn’t provide confidentiality but instead ensures integrity and authenticity. Chat GPT

@@karthikg_09 you cannot

You should probably re-learn what the RSA signing scheme is then... Private keys are used to sign, public keys are used to verify. Not the other way around. That's the whole point of signing: only a trusted party should be able to sign (thus they use the PRIVATE key), everybody should be able to verify the authenticity of the message (thus they use the PUBLIC key). bruh

​​​​@@jean-naymar602Yeah true, but hes still right about not being able to hack it like this if you dont go out of your way to make dumb decisions such as allow both hsa256 and rsa256 if someone attempts to change payload, and then they have to sign with the only key they have access to, the public key, it will no longer verify the new jwt when the backend attempts to verify it via the public key. Tldr rsa256 jwt public key cannot verify a jwt signed with the same public key If you allow both hsa256 and rsa256, thats the error, not some vulnerability in jwt.

@@jean-naymar602 When i say "server uses private key to VERIFY" it essentially means to sign in. There is only one job of the server i.e to sign in(as you used the word sign in) or some might use the word verify, authenticate which is essentially the same thing wrt server

no

Furthermore, this attack will not work if you keep the key secret, as you should.

its found on cokies or localstorage on client (browser)

Anywhere for sure 😹😹😹😹

HTTP only cookies only prevent JavaScript from modifying the cookies. You can still generate a malicious cookie and replace it manually in the browser. Doesn't matter though. You just need to fake a request at the end of the day. If not browser, use a different client.

Nope you can decode jwt without private key

That's not how JWT tokens work. Data you put is just base64 encoded. You can decode it and get the data.

You can absolutely decode a JWT. You just cannot change the JWT without having the correct private key that only the server knows and used to sign the JWT

So confident yet so wrong...

Somebody skipped the Encoding/Decoding classes

You mean algordem?

@@crooked8168 you would normally be right about decrypting with the private key. However, in jwt what's done is SIGNING, not ENCRYPTION. That means that you may want many services to be able to "decrypt" (check the signature), but only one service may encrypt (sign). So, when signing, the private and public keys are opposite from when encrypting