🔥 3-day streak
CompTIA PenTest+ (PT0-003)52 / 175
Question 52 of 175
During an API assessment, you capture a JSON Web Token (JWT) used for authentication. Decoding it reveals a header of {"alg":"HS256","typ":"JWT"} and a payload containing {"user":"analyst","role":"user"}. You want to escalate to an administrative role. Which technique should you attempt FIRST to test for a common JWT verification flaw?
Reviewed for accuracy · Report an issueNext question