tpaidakis

Example: Auth Bypass via JWT Algorithm Confusion

Fri, 15 Mar 2024 00:00:00 +0000

A critical authentication bypass in ExampleApp allowed any unauthenticated user to forge valid session tokens by exploiting algorithm confusion in JWT verification.

About

Mon, 01 Jan 0001 00:00:00 +0000

Offensive security engineer with a focus on penetration testing and vulnerability research. I spend most of my time breaking things — web apps, APIs, network infrastructure — and documenting what I find.

This site is where I publish writeups for vulnerabilities I discover, CVEs I get assigned, and other security topics worth putting down in writing. Everything here reflects my own research and opinions.

Background

I’ve worked across red team engagements, bug bounty programs, and dedicated vulnerability research. My primary interest is in finding logic flaws and design-level weaknesses rather than purely technical exploitation — the kind of bugs that slip through even when the code looks right at a glance.

Vulnerability Disclosure Policy

Mon, 01 Jan 0001 00:00:00 +0000

This page describes how I handle vulnerabilities I discover in third-party software and systems.

Principles

I follow a coordinated disclosure model. When I discover a vulnerability I contact the affected vendor privately, give them reasonable time to patch, and disclose publicly after that window has passed — regardless of whether a fix exists.

Timeline

90 days from the date of initial vendor notification to public disclosure.

If a patch is released before the 90-day window closes, I will publish the writeup shortly after the patch is publicly available. If the vendor is unresponsive or disputes the report, I reserve the right to disclose at 90 days with or without a fix.