Skip to content
attack.paths
Anmelden
← LibraryTechnique entry
W-JWT-WEAKCredential Access

JWT — Weak HMAC Secret

HS256 with a guessable / leaked secret — crack with hashcat -m 16500 and forge tokens.

§ Where this technique fits

W-JWT-WEAK is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.