EdDSA vulnerability in Monocypher
This exercise covers the exploitation of a vulnerability impacting Monocypher.
This lab examines a vulnerability in the Monocypher library that affects its implementation of the EdDSA algorithm, as detailed in an advisory. The vulnerability allows an attacker to forge a JWT signature and bypass the authentication mechanism. The forged JWT carries a signature made entirely of zeroes, which the flawed implementation accepts.
The steps are: register a user, modify the JWT payload, and supply a signature of 64 NULL bytes that passes as valid, which gives the attacker admin privileges. The lab shows why understanding cryptographic flaws matters and walks through a methodical approach to exploiting this one. By following the provided instructions, participants learn how JWTs can be manipulated and what a cryptographic weakness in a signature check means for an application that relies on it.
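From the defender's side, the all-zero signature described above is easy to recognise before a token ever reaches the signature check. The following is an added example, not part of the lab or of Monocypher: the names `inspect_eddsa_jwt` and `make_token` are hypothetical, and the sample tokens are constructed for illustration.

```python
import base64
import json

ED25519_SIG_LEN = 64  # an Ed25519 signature is 64 bytes


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_token(header: dict, payload: dict, signature: bytes) -> str:
    """Build a constructed sample token to exercise the check (hypothetical helper)."""
    head = b64url_encode(json.dumps(header).encode())
    body = b64url_encode(json.dumps(payload).encode())
    return f"{head}.{body}.{b64url_encode(signature)}"


def inspect_eddsa_jwt(token: str) -> str:
    """Pre-verification check: return a rejection reason, or a pass marker."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed: expected three segments"
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return "malformed: undecodable segment"
    if not isinstance(header, dict) or header.get("alg") != "EdDSA":
        return "rejected: alg is not EdDSA"
    if len(signature) != ED25519_SIG_LEN:
        return "rejected: signature is not 64 bytes"
    if not any(signature):  # every byte is 0x00
        return "rejected: all-zero signature"
    return "pass: hand to signature verification"


if __name__ == "__main__":
    hdr = {"alg": "EdDSA", "typ": "JWT"}
    claims = {"user": "test"}  # constructed payload
    print(inspect_eddsa_jwt(make_token(hdr, claims, bytes(64))))
    print(inspect_eddsa_jwt(make_token(hdr, claims, bytes(range(1, 65)))))
```

A pass from this check only means the token is not the degenerate case; the signature still has to be verified by a library version that is not affected by the advisory.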