jjwt-none-alg
Detected use of the none algorithm in a JWT token. The none algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the none algorithm. Instead, use an algorithm such as HS256.

Likelihood: LOW
Confidence: LOW
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A02:2021 - Cryptographic Failures
- A03:2017 - Sensitive Data Exposure
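
The following is an added example, not part of the rule or of the jjwt project: it shows a token issued with the none algorithm beside the HS256-signed form, and a verifier that rejects unsigned tokens. It assumes the jjwt 0.11.x API with jjwt-impl and a JSON module on the classpath; the class name, method names and the subject "alice" are made up for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;

// Hypothetical demo class (assumes jjwt 0.11.x).
public class JwtNoneAlgExample {

    // Risky: no signWith(...) call, so compact() emits an unsecured token
    // whose header is {"alg":"none"} and whose signature part is empty.
    static String issueUnsigned(String subject) {
        return Jwts.builder().setSubject(subject).compact();
    }

    // Corrected: the token is signed with HMAC-SHA256 (HS256).
    static String issueSigned(String subject, SecretKey key) {
        return Jwts.builder()
                .setSubject(subject)
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    // Verifier side: parseClaimsJws(...) accepts only signed tokens (JWS),
    // so an unsecured token is rejected with a JwtException.
    static String verifiedSubject(String token, SecretKey key) {
        Jws<Claims> jws = Jwts.parserBuilder()
                .setSigningKey(key)
                .build()
                .parseClaimsJws(token);
        return jws.getBody().getSubject();
    }

    public static void main(String[] args) {
        // Constructed demo key; a real service loads its key from a secret store.
        SecretKey key = Keys.secretKeyFor(SignatureAlgorithm.HS256);
        System.out.println(verifiedSubject(issueSigned("alice", key), key));
        try {
            verifiedSubject(issueUnsigned("alice"), key);
        } catch (JwtException e) {
            System.out.println("rejected unsigned token: " + e.getClass().getSimpleName());
        }
    }
}
```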