Description

JSON Web Token (JWT) can be digitally signed for protection against data tampering. The web application sets the algorithm of the token to "none" which means the token is not signed/MACed.

Remediation

Change the algorithm to a secure one

References

Example Unsecured JWT

Related Vulnerabilities

Insecure Transportation Security Protocol Supported (TLS 1.1)

HTTP header reflected in cached response

ASP.NET forms authentication using inadequate protection

ASP.NET ValidateRequest Is Globally Disabled

Apache Tomcat version older than 6.0.35

Severity

High

Classification

CWE-345 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Credentials