CVE-2018-0114
HIGH
Cisco node-jose < 0.11.0 - Unauthenticated Token Re-signing via Embedded Public Key
Title source: llm
Exploitation Summary
EIP tracks 15 public exploits for CVE-2018-0114. PoCs published by zioBlack, z-bool, zi0Black.
AI-analyzed exploit summary: This exploit generates a malicious JWT token for CVE-2018-0114, leveraging a vulnerability in Cisco node-jose <0.11.0 to forge a signed token with arbitrary payloads. It uses RSA key generation and signing to bypass authentication mechanisms.
Description
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.
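The trust decision described above, as an added example (not node-jose code and not from the original page): a weak key resolver that accepts the header's `jwk`, beside one that takes verification keys only from the verifier's own set. All function names, key ids and key values are constructed placeholders, and the sample tokens carry a dummy signature.

```javascript
// Hypothetical verifier-side key set; the modulus values are constructed placeholders.
const TRUSTED_KEYS = new Map([
  ['svc-key-1', { kty: 'RSA', n: 'dHJ1c3RlZC1tb2R1bHVzLXBsYWNlaG9sZGVy', e: 'AQAB' }],
]);
const ALLOWED_ALGS = ['RS256'];
const KEY_HEADERS = ['jku', 'x5u', 'x5c']; // other header-supplied key sources (RFC 7515)

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

function decodeHeader(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
}

// Weak: whatever key the token carries is used to verify that same token.
function resolveKeyWeak(token, trusted) {
  const h = decodeHeader(token);
  return h.jwk || trusted.get(h.kid) || null;
}

// Hardened: the verification key always comes from the verifier's own set.
function resolveKeyHardened(token, trusted) {
  const h = decodeHeader(token);
  if (!ALLOWED_ALGS.includes(h.alg)) throw new Error('alg not allowed');
  for (const p of KEY_HEADERS) if (p in h) throw new Error(`header ${p} rejected`);
  if (h.jwk) {
    // An embedded key is tolerated only when it is identical to a trusted one.
    const pinned = [...trusted.values()].find(
      (k) => k.kty === h.jwk.kty && k.n === h.jwk.n && k.e === h.jwk.e);
    if (!pinned) throw new Error('embedded jwk is not a trusted key');
    return pinned;
  }
  const key = trusted.get(h.kid);
  if (!key) throw new Error('no trusted key for this token');
  return key;
}

// Constructed tokens; the third part is a placeholder, nothing is signed.
const untrustedJwk = { kty: 'RSA', n: 'dW50cnVzdGVkLW1vZHVsdXM', e: 'AQAB' };
const tokenWithJwk = [b64u({ alg: 'RS256', jwk: untrustedJwk }), b64u({ sub: 'demo' }), 'c2ln'].join('.');
const tokenWithKid = [b64u({ alg: 'RS256', kid: 'svc-key-1' }), b64u({ sub: 'demo' }), 'c2ln'].join('.');

function tryResolve(token) {
  try { return { ok: true, key: resolveKeyHardened(token, TRUSTED_KEYS) }; }
  catch (e) { return { ok: false, reason: e.message }; }
}
```

Signature verification with the returned key happens only after this step; the point is that a rejected token never reaches it with a key of its own choosing.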
Exploits (15)
This exploit generates a malicious JWT token for CVE-2018-0114, leveraging a vulnerability in Cisco node-jose <0.11.0 to forge a signed token with arbitrary payloads. It uses RSA key generation and signing to bypass authentication mechanisms.
This repository contains a Go-based tool for testing and exploiting various JWT vulnerabilities, including CVE-2020-28042 (empty signature attack). It supports multiple attack modes such as modifying the algorithm to 'none', signature validation bypass, and key injection.
This PoC exploits CVE-2018-0114 in the Cisco node-jose library by embedding a public key in the JWT header and re-signing the token with the corresponding private key, allowing token forgery. The script generates RSA key pairs, crafts a malicious JWT, and signs it to bypass verification.
This repository provides a detailed explanation and steps for exploiting CVE-2018-0114, a vulnerability in Cisco's node-jose library that allows JWT token forgery by embedding public keys in the token header. It includes technical details and references to external resources for further understanding.
This exploit leverages CVE-2018-0114 in the node-jose library by embedding a public key in the JWT header and signing the token with the corresponding private key, allowing an attacker to forge valid JWS objects.
This PoC exploits CVE-2018-0114 in the Cisco node-jose library by embedding a public key in the JWT header and signing the token with the corresponding private key, allowing token re-signing. It generates a forged JWT token with attacker-controlled payloads.
This repository contains a comprehensive JWT security testing toolkit with functional exploit code for multiple CVEs, including CVE-2018-0114 (Key Injection). It includes modules for JWT analysis, cracking, forging, and advanced attacks like algorithm confusion and psychic signatures.
This PoC demonstrates CVE-2018-0114 by generating a malicious JWT with an embedded public key in the header, allowing an attacker to re-sign tokens using their own key pair. It creates a valid JWS object by embedding a public key in the header and signing it with the corresponding private key.
This PoC demonstrates a JWT authentication bypass vulnerability (CVE-2018-0114) by generating a malicious JWT token with a self-signed RSA key. It exploits weak key validation in the target system to forge an admin token.
This repository contains a Go-based proof-of-concept for CVE-2018-0114, which exploits a JWT authentication bypass vulnerability by embedding a public key in the JWT header and signing the token with a corresponding private key. The tool generates a malicious JWT token with arbitrary claims (e.g., 'admin') to demonstrate the vulnerability.
This repository contains a Python-based tool that exploits CVE-2018-0114, a JWT authentication bypass vulnerability. The tool automates the generation of malicious JWT tokens by injecting attacker-controlled public keys into the JWT header, allowing arbitrary claims to be signed and verified by the server.
This PoC exploits CVE-2018-0114 by embedding a public key in the JWT header and re-signing the token with the corresponding private key, bypassing authentication. It generates a new RSA key pair and crafts a malicious JWT token.
This PoC demonstrates JWT (JSON Web Token) exploitation techniques, specifically targeting CVE-2018-0114 by manipulating JWT headers and payloads using various methods (jwk, jku, x5c). It includes functions to generate RSA keys, certificates, and craft malicious JWTs for potential authentication bypass.
This PoC exploits CVE-2018-0114, a vulnerability in Cisco's node-jose library before 0.11.0, allowing an unauthenticated remote attacker to re-sign tokens using an embedded key. The script generates a malicious JWT token with an embedded public key, demonstrating the authentication bypass.
This PoC exploits CVE-2018-0114 by crafting a malicious JWT token with embedded RSA public key parameters, allowing an attacker to bypass authentication. It generates or loads RSA keys, encodes them, and signs a payload to create a forged JWT.
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N