Security Test: JWT no algorithm¶
Description¶
Default Severity:
When a server accepts a JWT marked with the 'none' algorithm, it means it's treating an unsigned token as if it were securely signed. This vulnerability arises when the token validation process lets through a token claiming that it hasn’t been signed at all, so an attacker can create or modify tokens to impersonate any user. If developers don’t restrict acceptable algorithms or enforce proper signature checks, it could let attackers gain unauthorized access, create privilege escalation opportunities, and initiate other attacks that compromise sensitive data or system integrity.
Configuration¶
Identifier:
injection/jwt_alg_none
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API2:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-63B |
| FedRAMP | AC-2 |
| CWE | 287 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
| CVSS Score | 9.3 |