## https://sploitus.com/exploit?id=464CB843-42D7-5B33-9270-3AD0F0BE7D96
# CVE-2022-39227 JWT Authentication Bypass Demo
## Project Goal
This project demonstrates CVE-2022-39227 in a controlled local lab environment. The vulnerability affects python-jwt versions before 3.3.4 and may allow JWT claim forgery without knowing the secret key.
## Technologies
- Python
- Flask
- python-jwt 3.3.3
- python-jwt 3.3.4
- Requests
## Demo Flow
1. Login as a regular user.
2. Receive a valid JWT.
3. Try to access the admin endpoint with the original token.
4. Observe 403 Forbidden.
5. Forge the token claims.
6. Access the admin endpoint in the vulnerable version.
7. Repeat the same attack against the fixed version.
8. Observe that the forged token is rejected.
## How to Run with Docker (Recommended)
1. Ensure Docker Desktop is running.
2. Run the following command to start both vulnerable (port 5000) and fixed (port 5001) versions:
```bash
docker-compose up -d --build
```
3. Run the attack simulation against both containers:
```bash
python attack_demo.py
```
## How to Run Manually (Local Virtual Environments)
**Vulnerable Version (Terminal 1):**
```bash
python -m venv venv-vuln
venv-vuln\Scripts\activate
pip install -r requirements-vuln.txt
python app.py
```
**Fixed Version (Terminal 2):**
```bash
python -m venv venv-fixed
venv-fixed\Scripts\activate
pip install -r requirements-fixed.txt
python app.py
```
## Ethical Scope
This project was conducted only in a local controlled laboratory environment. No third-party systems, public services, or real user accounts were targeted.
## Mitigation
Upgrade python-jwt to version 3.3.4 or later. Applications should also validate JWT signatures strictly and enforce authorization checks on the server side.