Share
## https://sploitus.com/exploit?id=464CB843-42D7-5B33-9270-3AD0F0BE7D96
# CVE-2022-39227 JWT Authentication Bypass Demo

## Project Goal

This project demonstrates CVE-2022-39227 in a controlled local lab environment. The vulnerability affects python-jwt versions before 3.3.4 and may allow JWT claim forgery without knowing the secret key.

## Technologies

- Python
- Flask
- python-jwt 3.3.3
- python-jwt 3.3.4
- Requests

## Demo Flow

1. Login as a regular user.
2. Receive a valid JWT.
3. Try to access the admin endpoint with the original token.
4. Observe 403 Forbidden.
5. Forge the token claims.
6. Access the admin endpoint in the vulnerable version.
7. Repeat the same attack against the fixed version.
8. Observe that the forged token is rejected.

## How to Run with Docker (Recommended)

1. Ensure Docker Desktop is running.
2. Run the following command to start both vulnerable (port 5000) and fixed (port 5001) versions:
   ```bash
   docker-compose up -d --build
   ```
3. Run the attack simulation against both containers:
   ```bash
   python attack_demo.py
   ```

## How to Run Manually (Local Virtual Environments)

**Vulnerable Version (Terminal 1):**
```bash
python -m venv venv-vuln
venv-vuln\Scripts\activate
pip install -r requirements-vuln.txt
python app.py
```

**Fixed Version (Terminal 2):**
```bash
python -m venv venv-fixed
venv-fixed\Scripts\activate
pip install -r requirements-fixed.txt
python app.py
```

## Ethical Scope

This project was conducted only in a local controlled laboratory environment. No third-party systems, public services, or real user accounts were targeted.

## Mitigation

Upgrade python-jwt to version 3.3.4 or later. Applications should also validate JWT signatures strictly and enforce authorization checks on the server side.