JWT no algorithm
We sent a token with the 'none' algorithm and it was accepted by the server. This means that we can handcraft any token to impersonate another user.
You must validate the algorithm used to sign the token, against a server-side allowlist, before checking its signature.
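The following is an added example, not code from Escape or from the scanned application, showing the check described above in plain Python with only the standard library. `verify_jwt` rejects the token as soon as the header's `alg` is not in the server's allowlist, so a token carrying `"alg": "none"` never reaches signature handling. The secret, the `sign_hs256` helper and the two tokens are constructed for the demo; only HS256 is implemented.

```python
import base64
import hashlib
import hmac
import json


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Issue a JWT signed with HMAC-SHA256 (demo helper, constructed here)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_jwt(token: str, secret: bytes, allowed_algs=("HS256",)) -> dict:
    """
    Verify a JWT and return its payload.

    The algorithm is compared with a server-side allowlist *before* the
    signature segment is looked at, so a header claiming "alg": "none" (or
    any algorithm the server did not configure) is rejected outright.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts

    header = json.loads(_b64url_decode(header_b64))
    alg = header.get("alg")
    # A vulnerable verifier trusts header["alg"]; a hardened one never does.
    if alg not in allowed_algs:
        raise ValueError(f"algorithm {alg!r} not allowed")
    if alg != "HS256":
        raise ValueError("only HS256 is implemented in this example")

    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")

    return json.loads(_b64url_decode(payload_b64))


def is_accepted(token: str, secret: bytes) -> bool:
    """True if the verifier accepts the token, False if it rejects it."""
    try:
        verify_jwt(token, secret)
        return True
    except ValueError:
        return False


# Constructed demo values (not taken from the scanner output).
SECRET = b"demo-shared-secret"
GOOD_TOKEN = sign_hs256({"sub": "alice", "role": "user"}, SECRET)

# The shape of token the finding describes: header says "none", empty signature.
NONE_TOKEN = ".".join([
    _b64url_encode(b'{"alg":"none","typ":"JWT"}'),
    _b64url_encode(b'{"sub":"admin","role":"admin"}'),
    "",
])

if __name__ == "__main__":
    print("HS256 token accepted:", is_accepted(GOOD_TOKEN, SECRET))   # True
    print("'none' token accepted:", is_accepted(NONE_TOKEN, SECRET))  # False
```

The allowlist is a fixed server-side value, never something read from the token; that is the whole point of the check, and it also covers case variants such as `None` or `nOnE` because they are simply not in the list. A JWT library should be configured the same way, by passing the accepted algorithms explicitly at verification time.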
Escape Severity: HIGH
- CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
- CVSS_SCORE: 9.3