Details

Alert ID: 100026
Alert Type: Script Active
Status: alpha
Risk: High
CWE: 347
WASC: 15
Technologies Targeted: All
Tags: CWE-347, OWASP_2017_A02, OWASP_2021_A01, WSTG-V42-CRYP-04
More Info: Scan Rule Help

Summary

The application's JWT implementation accepts tokens that use the 'none' algorithm, which bypasses JWT signature verification.

Solution

Use a secure JWT library and, if your library supports it, restrict the allowed signing algorithms to those the application actually uses; the 'none' algorithm must never be accepted.

Other Info

References

Code

active/JWT None Exploit.js