Injection: JWT algorithm confusion

Identifier: jwt_alg_confusion

Scanner(s) Support

  • GraphQL Scanner
  • REST Scanner
  • WebApp Scanner
  • ASM Scanner

Description

JWT algorithm confusion occurs when a server dispatches signature verification on the alg value carried in the token header instead of on the algorithm it was configured to expect. Because the header is attacker-controlled, the attacker can swap the algorithm: a token issued with an asymmetric algorithm such as RS256 can be resubmitted as HS256, so that the server's RSA public key, which is not secret, is used as the HMAC secret and the attacker can compute a valid signature over arbitrary claims. The root cause is a verifier that does not pin the expected algorithm (and the matching key type) server-side and instead reuses one blob of key material for whichever method the token names. Left unfixed, this lets an attacker forge tokens, impersonate legitimate users and escalate privileges, with data breach and full account compromise as the likely outcome.
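As an added worked example (not code from the scanner or from this documentation), the following self-contained Python script reproduces the verifier flaw this sub-test looks for and its fix. The RSA used here is textbook RSA over a SHA-256 digest rather than PKCS#1 v1.5, the "PEM" container is an ad hoc encoding constructed for the demo, and every function name (issue_rs256, forge_hs256, verify_vulnerable, verify_hardened, run_demo) is hypothetical; what matters is the dispatch logic, which is the same shape as the bug in a real verifier holding a real public key.

```python
import base64
import hashlib
import hmac
import json
import random

# Hypothetical helpers; the key container format below is an assumption of this example.
def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# --- toy RSA: textbook RSA over the SHA-256 digest, not PKCS#1 v1.5 (demo only) ---
def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                     # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits: int = 512):
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

# Ad hoc PEM-like container (constructed; a real server would hold SPKI/PEM bytes here).
def pem_from_pub(pub) -> str:
    body = b64url(json.dumps({"n": pub[0], "e": pub[1]}).encode())
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

def pub_from_pem(pem: str):
    obj = json.loads(b64url_decode(pem.strip().splitlines()[1]))
    return obj["n"], obj["e"]

def _signing_input(header: dict, payload: dict) -> str:
    return f"{b64url(json.dumps(header).encode())}.{b64url(json.dumps(payload).encode())}"

def _digest_int(si: str) -> int:
    return int.from_bytes(hashlib.sha256(si.encode()).digest(), "big")

def _hmac_sha256(si: str, key: bytes) -> bytes:
    return hmac.new(key, si.encode(), hashlib.sha256).digest()

def _rsa_verify(si: str, sig: bytes, public_key_pem: str) -> bool:
    n, e = pub_from_pem(public_key_pem)
    return pow(int.from_bytes(sig, "big"), e, n) == _digest_int(si)

def issue_rs256(payload: dict, priv) -> str:
    """Legitimate issuer: signs with the RSA private key."""
    n, d = priv
    si = _signing_input({"alg": "RS256", "typ": "JWT"}, payload)
    sig = pow(_digest_int(si), d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return f"{si}.{b64url(sig)}"

def forge_hs256(payload: dict, public_key_pem: str) -> str:
    """Attacker: re-signs arbitrary claims with HMAC, using the public key bytes as the secret."""
    si = _signing_input({"alg": "HS256", "typ": "JWT"}, payload)
    return f"{si}.{b64url(_hmac_sha256(si, public_key_pem.encode()))}"

def _split(token: str):
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), f"{h}.{p}", json.loads(b64url_decode(p)), b64url_decode(s)

def verify_vulnerable(token: str, public_key_pem: str):
    """Vulnerable: trusts the token's alg header and reuses one key blob for both methods."""
    header, si, claims, sig = _split(token)
    if header.get("alg") == "RS256":
        ok = _rsa_verify(si, sig, public_key_pem)
    elif header.get("alg") == "HS256":       # public key bytes become the HMAC secret
        ok = hmac.compare_digest(sig, _hmac_sha256(si, public_key_pem.encode()))
    else:
        ok = False
    return claims if ok else None

def verify_hardened(token: str, public_key_pem: str):
    """Hardened: the algorithm is pinned server-side; the header cannot change it."""
    header, si, claims, sig = _split(token)
    if header.get("alg") != "RS256":
        return None
    return claims if _rsa_verify(si, sig, public_key_pem) else None

def run_demo(seed: int = 1) -> dict:
    random.seed(seed)                        # deterministic toy key for the demo
    pub, priv = rsa_keygen()
    pem = pem_from_pub(pub)
    legit = issue_rs256({"sub": "alice", "role": "user"}, priv)
    forged = forge_hs256({"sub": "alice", "role": "admin"}, pem)
    return {
        "legit_vulnerable": verify_vulnerable(legit, pem),
        "legit_hardened": verify_hardened(legit, pem),
        "forged_vulnerable": verify_vulnerable(forged, pem),   # accepted: the bug
        "forged_hardened": verify_hardened(forged, pem),       # None: rejected
    }

if __name__ == "__main__":
    for name, claims in run_demo().items():
        print(f"{name:18} -> {claims}")
```

Running the script prints the four outcomes: the forged admin token is accepted by verify_vulnerable because its HMAC was computed over exactly the public-key bytes the server holds, and rejected by verify_hardened, which checks the pinned algorithm before it touches the signature. In a real service the equivalent fix is to pass an explicit algorithm allowlist to the JWT library and to keep HMAC secrets and RSA public keys in separate, type-checked key objects so that no code path can feed one to the other.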

Execution conditions (BLST):

  • Runs when this sub-test is enabled and the shared JWT baseline selection logic finds a suitable authenticated JWT exchange to replay.

Configuration

Example

Example configuration:

---
security_tests:
  jwt_alg_confusion:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.