Skip to content

JWT algorithm confusion

Description

We sent a token with an invalid algorithm and it was accepted by the server. In this case, HS256 (HMAC with SHA-256) is a symmetric algorithm, which means that the same key is used to sign and verify the token.

Remediation

You must enforce the algorithm used to sign the token.

GraphQL Specific

Apollo Ensure that the Apollo framework is configured to only accept a secure and explicit list of algorithms for JWT validation. Avoid using 'none' or any algorithm not intended for your application. Implement checks to reject JWTs with 'alg' headers that don't match the expected algorithm. It's also recommended to use a library that provides strong defaults and has been well-reviewed for security.
Yoga To mitigate the JWT algorithm confusion vulnerability in the Yoga framework engine, ensure that the server explicitly verifies the JWT token using a secure and expected algorithm. Do not rely on user input for selecting the algorithm. Configure the JWT library to reject tokens that do not specify a matching algorithm (e.g., 'HS256'). Additionally, implement proper error handling to reject any tokens that fail verification.
Awsappsync Ensure that the AWS AppSync GraphQL API is configured to use only secure and recommended algorithms for JSON Web Tokens (JWTs). Avoid using the 'none' algorithm, and do not allow the algorithm to be specified by the user. Implement strict server-side checks to enforce the expected algorithm, such as HS256 or RS256, and validate the JWT signature accordingly. Regularly review and update the cryptographic practices to align with current best practices and recommendations.
Graphqlgo To mitigate the JWT algorithm confusion vulnerability in a GraphQL Go framework engine, ensure that the server explicitly verifies the JWT 'alg' header against a whitelist of allowed algorithms. Do not rely on client-supplied parameters for selecting the algorithm. Implement strong checks to compare the algorithm in the JWT header with the expected algorithm. If the algorithm does not match the expected one, reject the token and log the attempt. Additionally, consider using a well-maintained JWT library that provides built-in protections against this type of attack.
Graphqlruby To mitigate the JWT algorithm confusion vulnerability in a GraphQL Ruby framework engine, ensure that the server explicitly verifies the JWT token using a secure, server-side defined algorithm. Do not allow the client to dictate the algorithm used for verification. This can be achieved by configuring the JWT library to use a constant algorithm, such as 'HS256', and rejecting any tokens that specify a different algorithm. Additionally, always validate the JWT with a strong, private key that is kept secure and never exposed to the client. Regularly rotate your keys and audit your token handling code to prevent exploitation of this vulnerability.
Hasura Ensure that the Hasura engine is configured to accept only strong and secure JWT algorithms, such as RS256, and reject none algorithm. Explicitly specify the allowed algorithms in the JWT configuration and avoid using weaker algorithms like HS256 if the secret key is not managed securely. Additionally, keep the JWT secret key confidential and rotate it periodically to maintain security.
Agoo Ensure the JWT verification process explicitly checks and enforces the expected algorithm, such as HS256, to prevent accepting tokens signed with an invalid or weaker algorithm.
Ariadne Ensure the server explicitly specifies and enforces the expected JWT algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.
Caliban Ensure the server explicitly specifies and enforces the expected JWT algorithm, such as RS256, to prevent algorithm confusion and enhance security.
Dgraph Ensure that the Dgraph framework is configured to strictly validate the JWT algorithm specified in the token header and reject any tokens with unexpected or invalid algorithms. Additionally, consider using asymmetric algorithms like RS256 to enhance security by separating the signing and verification keys.
Dianajl Ensure the server explicitly specifies and enforces the expected algorithm for JWT verification to prevent algorithm confusion vulnerabilities.
Directus Ensure that the Directus framework is configured to validate JWT tokens using a secure and expected algorithm, such as RS256, and verify the token's signature with the correct public key to prevent algorithm confusion vulnerabilities.
Flutter Ensure that the server explicitly specifies and verifies the expected JWT algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.
Graphene Ensure that the Graphene framework is configured to strictly validate JWT algorithms by explicitly specifying the allowed algorithms, such as RS256, and rejecting any tokens with unexpected or invalid algorithms.
Graphqlapiforwp Ensure that the GraphQL API for WP framework engine properly validates the JWT algorithm by explicitly specifying and enforcing the expected algorithm (e.g., HS256) during both token creation and verification processes to prevent algorithm confusion vulnerabilities.
Graphqlgophergo Ensure that the GraphQLGopherGo framework engine is configured to strictly validate the JWT algorithm by explicitly specifying the expected algorithm (e.g., RS256) and rejecting any tokens that do not match this algorithm.
Graphqljava Ensure that the GraphQL Java engine is configured to strictly validate JWT tokens by specifying the expected algorithm and rejecting tokens with invalid or unexpected algorithms.
Graphqlphp Ensure that the GraphQL server properly validates the JWT algorithm by explicitly specifying the expected algorithm (e.g., RS256) during token verification to prevent algorithm confusion attacks.
Graphqlyoga Ensure that the GraphQL Yoga server is configured to strictly validate the JWT algorithm by explicitly specifying the expected algorithm (e.g., RS256) and rejecting any tokens that do not match this algorithm.
Hypergraphql Ensure that the HyperGraphQL framework engine strictly enforces the use of a secure and expected algorithm for JWT verification, such as RS256, and validate the algorithm field in the token header to prevent algorithm confusion attacks.
Jaal Ensure the server explicitly specifies and enforces the expected algorithm for JWT verification to prevent algorithm confusion vulnerabilities.
Juniper Ensure that the JWT library in the Juniper framework is configured to explicitly specify the expected algorithm for token verification, and reject tokens with unexpected or missing algorithms.
Lacinia Ensure that the Lacinia framework engine is configured to strictly validate JWT tokens by specifying and enforcing the expected algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.
Lighthouse Ensure the server explicitly specifies and enforces the expected JWT algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.
Mercurius Ensure the server explicitly specifies and verifies the expected JWT algorithm to prevent algorithm confusion attacks.
Morpheusgraphql Ensure the server explicitly specifies and enforces the expected JWT algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.
Qglgen Ensure that the qglgen framework is configured to strictly validate the JWT algorithm by explicitly specifying the expected algorithm (e.g., RS256) and rejecting tokens with any other algorithm.
Sangria Ensure that the JWT validation process explicitly specifies the expected algorithm, such as RS256, to prevent algorithm confusion and enforce the use of asymmetric keys for enhanced security.
Shopify Ensure that the Shopify framework engine is configured to strictly validate JWT tokens by enforcing the use of a secure and expected algorithm, such as RS256, and rejecting any tokens with invalid or unexpected algorithms.
Stepzen Ensure that the StepZen framework engine is configured to strictly validate the JWT algorithm by explicitly specifying the expected algorithm type, such as RS256, and rejecting any tokens that do not match this specification.
Strawberry Ensure the server explicitly specifies and enforces the expected algorithm for JWT verification to prevent algorithm confusion vulnerabilities.
Tartiflette Ensure that the Tartiflette engine is configured to strictly validate JWT tokens by specifying and enforcing the expected algorithm, such as RS256, and rejecting tokens with any other algorithm.
Wpgraphql Ensure that the JWT verification process explicitly specifies the expected algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.

REST Specific

Asp_net Ensure the ASP.NET application explicitly validates the JWT algorithm used during token verification. Configure the JWT middleware to only accept a predefined list of secure algorithms, such as RS256, and reject tokens with non-matching algorithms. This can be done by setting the TokenValidationParameters.ValidAlgorithms property to the list of acceptable algorithms and by checking the algorithm in the JWT header before processing the token.
Ruby_on_rails Ensure the JWT library in your Ruby on Rails application explicitly verifies the token algorithm against a whitelist of accepted algorithms. Configure the JWT decode function to only accept the expected algorithm, such as RS256, and reject tokens with mismatched or none specified algorithms. This can be done by setting the 'verify_iss' and 'algorithm' options in your JWT decode call. Additionally, always use a strong, private key for token signing and keep it secure.
Next_js Ensure the server strictly validates the JWT algorithm specified in the token header. Configure the JWT library to accept only the expected algorithm, such as RS256, and reject tokens with a different 'alg' parameter to prevent algorithm confusion attacks. In Next.js, use a robust library like 'jsonwebtoken' with a fixed algorithm setting in the verification step.
Laravel Ensure the JWT library in Laravel is configured to accept only a specific, secure algorithm such as RS256 or ES256 for token verification. Reject any tokens with a different 'alg' header. Use the 'jwt-auth' package's 'allowed_algs' configuration to specify acceptable algorithms and validate the 'alg' claim rigorously to prevent algorithm confusion attacks.
Express_js Ensure the Express.js application explicitly verifies the JWT with the expected algorithm. Configure the JWT middleware to reject tokens with algorithms other than the one you have securely chosen (e.g., RS256 for asymmetric verification). This can be done by setting the 'algorithms' option in the jwt.verify() method or within the express-jwt configuration. Additionally, implement proper error handling to catch and respond to invalid algorithm errors.
Django Ensure the Django application is configured to only accept a secure and appropriate algorithm for JWT validation, such as RS256. In the settings, explicitly specify the algorithm in the JWT_AUTH configuration and validate the 'alg' header in the token against this expected algorithm. Reject any tokens that do not match the expected algorithm to prevent algorithm confusion attacks.
Symfony Ensure the JWT library in Symfony is configured to explicitly check for the expected 'alg' parameter in the token's header. Reject any tokens that do not match the expected algorithm, typically by using a whitelist approach. Update the JWT handling code to use a library that provides secure default behavior and does not allow algorithm 'none'. Regularly review and update the security configurations to keep up with best practices and known vulnerabilities.
Spring_boot Ensure the JWT parser in the Spring Boot application is configured to only accept a predefined set of secure algorithms. Explicitly specify the allowed algorithms using the .setAllowedAlgorithms() method of the JwtParser, and avoid using none as an allowed algorithm. Additionally, implement proper key management to safeguard the secret keys used for token signing and verification.
Flask Ensure the Flask application explicitly verifies the JWT algorithm used. Configure the JWT library to only accept a predefined list of secure algorithms, such as RS256 or ES256, and reject tokens with non-matching algorithms. Use a library like PyJWT and its 'algorithms' argument to define allowed algorithms. For example: jwt.decode(token, key, algorithms=['RS256']).
Nuxt Ensure the server validates the JWT's 'alg' header. Configure the JWT library to reject tokens with unexpected algorithms, particularly 'none'. Use a library that provides strong defaults against algorithm substitution attacks. Regularly audit your JWT handling code and dependencies for security updates.
Fastapi Ensure the FastAPI application explicitly verifies the JWT algorithm used. Configure the JWT library to only accept a predefined list of secure algorithms, such as RS256, and reject tokens with non-matching algorithms. This can be done by setting the appropriate parameters in the JWT decoding function, such as `algorithms=['RS256']`, to prevent algorithm confusion attacks.
Frappe Ensure the server explicitly checks and enforces the expected JWT algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.
Genzio Ensure the server explicitly specifies and enforces the expected JWT algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.
Gin Ensure that the JWT middleware in the Gin framework explicitly specifies the expected algorithm (e.g., RS256) and validates the token's algorithm against this expectation to prevent algorithm confusion attacks.
Gorilla Ensure the server explicitly specifies and verifies the expected algorithm for JWTs, rejecting any tokens with unexpected or invalid algorithms.
Hapi Ensure the server explicitly specifies the expected JWT algorithm (e.g., RS256) in the hapi framework configuration to prevent algorithm confusion attacks.
Hono Ensure the server explicitly specifies and enforces the expected algorithm for JWT verification to prevent algorithm confusion vulnerabilities.
Jersey Ensure the server explicitly specifies and enforces the expected JWT algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.
Koa Ensure the server explicitly specifies and verifies the expected JWT algorithm, such as RS256, to prevent algorithm confusion attacks in the Koa framework.
Ktor Ensure that the Ktor server explicitly specifies the expected JWT algorithm during token verification to prevent accepting tokens signed with an invalid algorithm.
Leptos Ensure that the Leptos framework engine properly validates the JWT algorithm by explicitly specifying and enforcing the expected algorithm type during token verification to prevent algorithm confusion vulnerabilities.
Macaron Ensure that the JWT library used in the Macaron framework is configured to explicitly specify the expected algorithm (e.g., RS256) and validate the token's algorithm against this expected value to prevent algorithm confusion attacks.
Phoenix Ensure the server explicitly specifies and verifies the expected JWT algorithm, such as RS256, to prevent algorithm confusion vulnerabilities.
Redwoodjs Ensure that the server explicitly specifies and verifies the expected JWT algorithm, such as RS256, to prevent algorithm confusion vulnerabilities in the RedwoodJS framework.
Rocket Ensure the server explicitly specifies and enforces the expected algorithm for JWT verification to prevent algorithm confusion attacks.
Sveltekit Ensure that the server explicitly specifies the expected JWT algorithm (e.g., RS256) and validates the token's algorithm before accepting it in the SvelteKit framework.

Configuration

Identifier: injection/jwt_alg_confusion

Examples

Ignore this check

checks:
  injection/jwt_alg_confusion:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API2:2023
  • OWASP LLM: LLM06:2023
  • pci: 6.5.10
  • gdpr: Article-32
  • soc2: CC6
  • psd2: Article-95
  • iso27001: A.14.2
  • nist: SP800-63B
  • fedramp: SC-12

Classification

  • CWE: 287

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
  • CVSS_SCORE: 9.3