Injection: JWT no algorithm¶

Identifier: jwt_alg_none

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

When a server accepts a JWT marked with the 'none' algorithm, it means it's treating an unsigned token as if it were securely signed. This vulnerability arises when the token validation process lets through a token claiming that it hasnt been signed at all, so an attacker can create or modify tokens to impersonate any user. If developers dont restrict acceptable algorithms or enforce proper signature checks, it could let attackers gain unauthorized access, create privilege escalation opportunities, and initiate other attacks that compromise sensitive data or system integrity.

Configuration¶

Example¶

Example configuration:

---
security_tests:
  jwt_alg_none:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.