
Injection: JWT algorithm confusion

Identifier: jwt_alg_confusion

Scanner support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

JWT algorithm confusion happens when a server trusts the algorithm named in a token's header instead of enforcing the one it expects. An attacker can change the algorithm in the header so that the server verifies the signature with the wrong key or method, which may let them forge tokens and gain unauthorized access. Developers fall into this trap when they do not strictly pin the algorithm on the verification side, leaving the choice to whoever crafted the token. Left unaddressed, this vulnerability risks data breaches and compromised systems, since an attacker can impersonate legitimate users or escalate privileges.
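The following added example (not part of this page or the scanner's own code) contrasts a verifier that dispatches on the token's own `alg` header with one that pins the algorithm server-side; it uses only the Python standard library, and the secret, claims and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

EXPECTED_ALG = "HS256"  # the server's choice, never read from the token

def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Issue an HS256 token (used here only to construct sample input)."""
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"

def verify_trusting_header(token: str, secret: bytes) -> Optional[dict]:
    """VULNERABLE: lets the token's own `alg` header pick the check."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") == "none":  # caller-chosen branch, signature skipped
        return json.loads(_b64url_decode(p))
    mac = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if hmac.compare_digest(mac, _b64url_decode(s)):
        return json.loads(_b64url_decode(p))
    return None

def verify_pinned(token: str, secret: bytes) -> Optional[dict]:
    """HARDENED: the header must match EXPECTED_ALG, else reject outright."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != EXPECTED_ALG:
            return None  # "none", RS256, or anything else is refused
        mac = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, _b64url_decode(s)):
            return None
        return json.loads(_b64url_decode(p))
    except ValueError:  # malformed segments, bad base64 or bad JSON
        return None
```

In a real service the same rule applies to libraries: pass the expected algorithm explicitly to the verify call rather than letting the library infer it from the header.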

Configuration

Example

Example configuration:

---
security_tests:
  jwt_alg_confusion:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type: List[AssetType]*

List of assets that this check will cover.

skip

Type: boolean

Skip the test if true.