~/tags/jwt

#jwt

Everything on KSAL currently grouped under the #jwt tag.

1 total entries 0 blog posts 1 writeups

Web Sep 14, 2025

Admin Panel Bypass via JWT Algorithm Confusion

BSides Prishtina 2025

A JWT authentication challenge where switching the algorithm from RS256 to HS256 and signing with the server's own public key grants unrestricted admin access.

javelin #jwt #web #authentication #algorithm-confusion #rs256 #hs256 Web