
Injection: JWT algorithm confusion

Identifier: jwt_alg_confusion

Scanner(s) Support

  • GraphQL Scanner
  • REST Scanner
  • WebApp Scanner
  • ASM Scanner

Description

JWT algorithm confusion vulnerabilities occur when a server trusts the algorithm named in the token header instead of enforcing the algorithm it was configured with. An attacker can then change the header algorithm so that signature verification is skipped or performed with the wrong key, and forge tokens that the server accepts.

How we test: We modify JWT tokens to use algorithms other than the one the server expects and analyze the responses to determine whether the server accepts the modified tokens. We test several algorithm confusion variants, including switching from RS256 to HS256, and verify that the server enforces consistency between the configured algorithm and the one declared in the token.
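As an added illustration, not part of this page or of the scanner's own code, the following pure-Python verifier shows the vulnerable behaviour next to the fix: the RS256-to-HS256 probe is an HS256 token MACed with the server's public-key PEM, which a header-driven verifier accepts and a configuration-pinned verifier rejects before any cryptography runs. The public-key PEM is a constructed placeholder, and the RS256 branch is omitted because the confused token never reaches it.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder for the RS256 verification key a server would publish (e.g. via
# JWKS); only its role as a would-be HMAC key matters here, so any bytes will do.
PUBLIC_KEY_PEM = b"-----BEGIN PUBLIC KEY-----\nPLACEHOLDER-NOT-A-REAL-KEY\n-----END PUBLIC KEY-----\n"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _hs256(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()

def encode_hs256(claims: dict, key: bytes) -> str:
    """Compact JWS with alg=HS256. Passing the server's public-key PEM as `key` yields
    the RS256->HS256 confusion probe described on this page."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    signing_input = f"{head}.{body}".encode()
    return f"{head}.{body}.{_b64url(_hs256(signing_input, key))}"

def _split(token: str):
    head, body, sig = token.split(".")
    return json.loads(_b64url_decode(head)), f"{head}.{body}".encode(), _b64url_decode(sig)

# Verifiers this demo implements. The RS256 branch (RSA verify with the public key) is
# left out because a confused token never reaches it.
VERIFIERS = {"HS256": lambda inp, sig, key: hmac.compare_digest(_hs256(inp, key), sig)}

def verify_vulnerable(token: str, key_material: bytes) -> bool:
    """Bug: the header picks the algorithm, so an HS256 token MACed with the server's
    RS256 public-key PEM is checked with that PEM as the HMAC key and accepted."""
    header, signing_input, sig = _split(token)
    check = VERIFIERS.get(header.get("alg"))
    return check is not None and check(signing_input, sig, key_material)

def verify_pinned(token: str, expected_alg: str, key_material: bytes) -> bool:
    """Fix: the algorithm comes from server configuration; a header that disagrees is
    rejected before any cryptography runs, and only the configured verifier is used."""
    header, signing_input, sig = _split(token)
    if header.get("alg") != expected_alg:
        return False
    return VERIFIERS[expected_alg](signing_input, sig, key_material)
```

The same pinning applies when a real JWT library is used: pass the single expected algorithm explicitly to its verify call rather than letting it read `alg` from the token.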

Execution conditions (BLST):

  • Runs when this sub-test is enabled and a suitable authenticated JWT exchange is found by the shared JWT baseline selection logic.

Configuration

Example

Example configuration:

---
security_tests:
  jwt_alg_confusion:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.