JSON Web Token (JWT)
Service Name: JSON Web Token
Service Description: JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Service Address: https://jwt.io/
Validation Type: API Auth
IP Allow list: Does not exist at the token level. IP restrictions would need to be implemented at the application or service level that consumes the JWT.
Secret Access Scope: Grants authentication and authorization to protected resources. The scope depends on the claims contained within the JWT and how the receiving application interprets them.
Secret Revokement URL: Does not exist directly. JWTs are typically revoked by: 1. Setting a short expiration time 2. Implementing a token blacklist/database 3. Changing the signing key
Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Suspicious Activity Investigation Instructions:
- Decode the JWT to examine its claims and verify if they match expected values.
- Check for unusual IP addresses or locations in access logs where the JWT was used.
- Look for abnormal usage patterns or access to resources not typically accessed.
- Verify if the JWT was used after its expected expiration time
- Check for multiple failed authentication attempts before successful JWT usage
Mitigation Instructions:
- Rotate the JWT signing key/secret immediately
- Update the JWT signing algorithm to a more secure one if necessary (e.g., from HS256 to RS256)
- Implement or update token blacklisting to invalidate all currently active tokens
- Reduce token expiration times to limit the window of vulnerability
- Add additional claims to tokens such as IP binding or device fingerprinting
- Implement multi-factor authentication for sensitive operations
- Review and update JWT validation logic to ensure proper signature verification