Malleability of ECDSA (and DSA) signatures, JWTs, etc.
This blog post explains that ECDSA and DSA signatures are malleable, that JWTs can be malleable as well, and how this can be used to bypass some broken implementations of JWT deny lists (for revocation of JWTs or anti-replay protection).
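As an added example (not code from the original post), here is one way a deny list can be keyed so that both encodings of an ECDSA signature, (r, s) and (r, n - s), map to the same entry. It assumes ES256 tokens with the 64-byte r || s signature format; `deny_key` and `sample_tokens` are hypothetical names, the sample token is constructed, and the key also ignores base64url padding differences in the signature part.

```python
import base64
import hashlib

# Order n of the NIST P-256 group, the curve used by ES256.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def b64url_decode(part: str) -> bytes:
    """Decode base64url, tolerating missing or extra padding."""
    part = part.rstrip("=")
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def deny_key(token: str) -> str:
    """Deny-list key that is identical for every encoding of one ES256 signature."""
    header, payload, sig_part = token.split(".")
    sig = b64url_decode(sig_part)
    if len(sig) != 64:
        raise ValueError("ES256 signature must be 64 bytes (r || s)")
    r = int.from_bytes(sig[:32], "big")
    s = int.from_bytes(sig[32:], "big")
    if not (0 < r < P256_N and 0 < s < P256_N):
        raise ValueError("r or s out of range")
    s = min(s, P256_N - s)  # canonical "low-s" form: s and n - s become one value
    canonical = r.to_bytes(32, "big") + s.to_bytes(32, "big")
    signing_input = f"{header}.{payload}".encode("ascii")
    return hashlib.sha256(signing_input + b"." + canonical).hexdigest()

def sample_tokens() -> tuple[str, str]:
    """Constructed sample: one token body with the (r, s) and (r, n - s) encodings.
    The signature bytes are filler, not a real signature over this body."""
    header = b64url_encode(b'{"alg":"ES256","typ":"JWT"}')
    payload = b64url_encode(b'{"sub":"alice","jti":"constructed-1"}')
    r, s = 0x1234 << 200, 0x5678 << 200
    first = r.to_bytes(32, "big") + s.to_bytes(32, "big")
    second = r.to_bytes(32, "big") + (P256_N - s).to_bytes(32, "big")
    return (f"{header}.{payload}.{b64url_encode(first)}",
            f"{header}.{payload}.{b64url_encode(second)}")

if __name__ == "__main__":
    a, b = sample_tokens()
    naive = {a}               # deny list keyed on the raw token string
    hardened = {deny_key(a)}  # deny list keyed on the canonical form
    print("raw-string list catches second encoding:", b in naive)
    print("canonical list catches second encoding: ", deny_key(b) in hardened)
```

Keying the deny list on a claim taken from the verified payload (such as `jti`) is another way to make the entry independent of how the signature is encoded.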