InfoSec Blog

tags Archives

BAC

ServiceStack JWT signature verification bypass

02/11/2020

Re-discovering a JWT Authentication Bypass in ServiceStack

ServiceStack in version 5.9.2 almost silently patched a vulnerability which allowed to bypass JWT signature.

2

Min