Jwt-none-alg
Detected use of the none algorithm ("alg": "none") in a JWT token. A token with alg none carries no signature: the header declares that the token's integrity has already been verified elsewhere, and a verifier that honours that header skips the signature check entirely. Since the header is attacker-controlled, anyone can then forge a token with arbitrary claims that the application will accept as valid. Do not explicitly use the none algorithm, and do not let the verifier pick the algorithm from the token header; configure it with an explicit allowlist of accepted algorithms and use a signed algorithm such as HS256 (or an asymmetric one such as RS256 or ES256).
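Worked example, added here and not part of the rule text: a stdlib-only JWT encoder and two verifiers. The first honours whatever alg the header names (the pattern this rule flags) and accepts a token forged without any key; the second pins HS256 as an allowlist and rejects it. The secret and claims are constructed for the example.

```python
"""Forge an alg=none JWT and compare a verifier that trusts the header's alg
with one that pins HS256. Stdlib only; the secret below is constructed for
this example and is not a real key."""
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-demo-secret-do-not-reuse"  # constructed for this example


def _b64url_encode(data: bytes) -> str:
    # JWT uses base64url without '=' padding (RFC 7515, section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_part(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issuer side: a properly signed HS256 token."""
    signing_input = _encode_part({"alg": "HS256", "typ": "JWT"}) + "." + _encode_part(payload)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def forge_none(payload: dict) -> str:
    """Attacker side: no key needed. alg=none means an empty signature part."""
    return _encode_part({"alg": "none", "typ": "JWT"}) + "." + _encode_part(payload) + "."


def _split(token: str):
    # Returns (header, payload, signing_input, signature_b64) or None if malformed
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload, parts[0] + "." + parts[1], parts[2]


def verify_trusting_header(token: str, key: bytes) -> Optional[dict]:
    """VULNERABLE: honours whatever 'alg' the attacker-controlled header names."""
    parsed = _split(token)
    if parsed is None:
        return None
    header, payload, signing_input, sig_b64 = parsed
    alg = header.get("alg")
    if alg == "none":
        # The header claims integrity was checked elsewhere, so nothing is checked here
        return payload
    if alg == "HS256":
        expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return payload
    return None


def verify_hs256_only(token: str, key: bytes) -> Optional[dict]:
    """HARDENED: the verifier decides the algorithm; the header only has to agree."""
    parsed = _split(token)
    if parsed is None:
        return None
    header, payload, signing_input, sig_b64 = parsed
    if header.get("alg") != "HS256":  # allowlist; a denylist of "none" is fragile
        return None
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return payload


if __name__ == "__main__":
    forged = forge_none({"sub": "admin", "role": "admin"})
    print("header-trusting verifier:", verify_trusting_header(forged, SECRET))  # claims accepted
    print("HS256-pinned verifier:   ", verify_hs256_only(forged, SECRET))       # None
```

The hardened verifier checks that the header's alg equals the one it was configured for rather than checking that it is not "none"; exact-match allowlisting is what real libraries expose (an algorithms parameter) and it also closes case-variant and algorithm-confusion bypasses that a denylist misses.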
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A02:2021 - Cryptographic Failures
- A03:2017 - Sensitive Data Exposure