Description

JSON Web Token (JWT) can be digitally signed for protection against data tampering. The web application sets the algorithm of the token to "none" which means the token is not signed/MACed.

Remediation

Change the algorithm to a secure one

References

Example Unsecured JWT

Related Vulnerabilities

CodeIgniter weak encryption key

Reachable SharePoint interface

Web Cache Poisoning via Fat GET Request

Insecure Protocol Detected in Content Security Policy (CSP)

TLS/SSL Sweet32 attack

Severity

High

Classification

CWE-345 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Credentials