JWT Failed to verify Signature
Since the server does not validate the JWT signature, an attacker can tamper with the JWT payload and gain access to protected resources.
Broken User Authentication (BUA)
How this template works
The template uses API selection filters to specify the criteria for selecting the requests to be executed. In this case, it selects requests whose response code is between 200 and 299 and whose request headers contain a JWT (JSON Web Token).
The template uses the "execute" section to define the type of request to be executed. In this case, it is a single request. It also specifies that the authentication header should be replaced with an invalid signature token, which is obtained from the "auth_context.invalid_signature_token" variable (a token whose signature does not match its header and payload).
The template uses the "validate" section to define the criteria for validating the response. In this case, it checks if the response code is between 200 and 299; a success response means the server accepted the token without verifying its signature.
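As an added example that is not part of the original page or the tool it describes, the following Python models the check above: it signs an HS256 token, builds a copy with a tampered payload but the original (now mismatching) signature, which plays the role of "auth_context.invalid_signature_token", and runs it against a vulnerable decoder beside a hardened one. The secret and claims are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"demo-secret-do-not-use"  # constructed for this example


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    # Standard three-part JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def decode_unverified(token: str) -> dict:
    # Vulnerable: trusts the payload without ever checking the signature
    _, body, _ = token.split(".")
    return json.loads(_b64url_decode(body))


def decode_verified(token: str, key: bytes) -> dict:
    # Hardened: recompute the HMAC over header.payload and compare in constant time
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("invalid signature")
    return json.loads(_b64url_decode(body))


def invalid_signature_token(valid_token: str, tampered_payload: dict) -> str:
    # Same header, modified payload, original signature: the signature no longer matches
    header, _, sig = valid_token.split(".")
    body = _b64url(json.dumps(tampered_payload, separators=(",", ":")).encode())
    return f"{header}.{body}.{sig}"


def accepts_invalid_signature(decoder) -> bool:
    # The template's validate step: does the endpoint succeed for a token whose signature is wrong?
    valid = sign_hs256({"sub": "alice", "role": "user"}, SECRET)
    bad = invalid_signature_token(valid, {"sub": "alice", "role": "admin"})
    try:
        decoder(bad)
        return True  # equivalent to a 2xx response: the finding is confirmed
    except ValueError:
        return False  # equivalent to 401/403: the signature was verified
```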
Frequently asked questions
What is the purpose of the "JWT_INVALID_SIGNATURE" category in this test?
How does the server respond when an invalid JWT signature is provided?
What is the impact of exploiting the JWT_INVALID_SIGNATURE vulnerability?
What is the "NO_AUTH" category in this test?
What are some tags associated with this test?
Can you provide some references for further reading on the JWT_INVALID_SIGNATURE vulnerability?