Share
## https://sploitus.com/exploit?id=DABB81F8-B135-5BB3-A657-89F3AFF9423D
# CVE-2022-21449
repo showcasing generation of a base64 signature for applications that are vulnerable to "psychic signatures in java"

Before running make sure to install the modified fork of elliptic from https://github.com/davwwwx/elliptic
```BASH
$ npm install
```

Generate the signature
```BASH
$ node index.js
```

![PoC](/run.png)


Get an example vulnerable application from DataDog/security-labs-pocs - [https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app](https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app)