Security Test: JWT algorithm confusion
Description
Default Severity:
JWT algorithm confusion happens when a server blindly trusts the algorithm named in a token's header instead of the one it expects. An attacker can change the `alg` value in the header and trick the server into verifying the signature with the wrong key or method, potentially allowing them to forge tokens and gain unauthorized access. Developers fall into this trap by letting the token, rather than server-side configuration, decide which algorithm is used, leaving room for attackers to bypass signature validation. If left unaddressed, this vulnerability risks data breaches and compromised systems by letting attackers impersonate legitimate users or escalate privileges.
Configuration
Identifier:
injection/jwt_alg_confusion
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API2:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-63B |
| FedRAMP | SC-12 |
| CWE | 287 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
| CVSS Score | 9.3 |