# Injection: JWT no algorithm

Identifier: `jwt_alg_none`
## Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
## Description

JWT 'none' algorithm vulnerabilities occur when a server accepts unsigned tokens whose header declares `alg` as `none`. Because no signature is ever validated, an attacker can forge a token with arbitrary claims and impersonate any user.

How we test: We modify JWT tokens observed during the scan to use the 'none' algorithm and strip their signatures, then analyze the responses to determine whether the server accepts the unsigned tokens. We verify that the server rejects tokens carrying the 'none' algorithm and enforces signature validation.
Prerequisites:
- The scan must observe an authenticated request that uses a JWT.
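The following is an added example, not code from the scanner or its documentation. It shows the defect the check looks for and the fix: a minimal HS256 verifier that lets the token's own `alg` header decide whether a signature is checked (the vulnerable form), next to one that pins the expected algorithm server-side and always requires a signature (the hardened form). `accepts_unsigned` mirrors the scanner's probe by handing each verifier a constructed `alg: none` token. The key, claims and helper names are all constructed for this demonstration; a real service would use a maintained JWT library with the allowed algorithm pinned the same way.

```python
"""Added example: why a JWT verifier must not trust the token's `alg` header."""
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real deployment loads its key from a secret store.
DEMO_KEY = b"constructed-demo-secret-do-not-use"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Re-add the padding that JWT's base64url encoding strips.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a token; alg="none" yields the unsigned form the scanner submits."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    if alg == "none":
        return f"{header}.{payload}."  # empty signature segment
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_vulnerable(token: str, key: bytes) -> dict:
    """Vulnerable: the token's header chooses the algorithm, so 'none' skips the check."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(payload_b64))  # signature never verified
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def verify_hardened(token: str, key: bytes) -> dict:
    """Hardened: the algorithm is pinned server-side and a signature is mandatory.

    Pinning on an exact string also rejects case variants such as 'None' or 'nOnE'.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    if not sig_b64:
        raise ValueError("missing signature")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def accepts_unsigned(verifier, key: bytes = DEMO_KEY) -> bool:
    """Mirror of the scanner's probe: does `verifier` accept an alg=none token?"""
    forged = make_token({"sub": "admin", "role": "admin"}, key, alg="none")
    try:
        verifier(forged, key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("vulnerable verifier accepts alg=none:", accepts_unsigned(verify_vulnerable))
    print("hardened verifier accepts alg=none:", accepts_unsigned(verify_hardened))
```

Both verifiers accept a properly signed HS256 token; only the vulnerable one also accepts the unsigned token, which is exactly the response difference the scanner reports. The fix is the shape of `verify_hardened`: decide the algorithm from server configuration, never from the token, and treat an empty signature segment as a failure.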
## Configuration

### Example

Example configuration:
## Reference

### skip

Type: boolean

Skip the test if true.