Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Generic
- Java-jwt
- Jwt-hardcode
- Jwt-none-alg
- Jedis
- Jjwt
- Ktor
- Lang
- Mongo
- Okhttp
- Openai
- Spring
- Sql
- Xxe
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Jwt-none-alg
Jwt none alg
Detected use of the none algorithm in a JWT token. The none algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the none algorithm. Instead, use an algorithm such as HS256.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A02:2021 - Cryptographic Failures
- A03:2017 - Sensitive Data Exposure