Vuln ID: TP-011
Title: JWT 'none' Algorithm Accepted
Severity: high
Type: Broken Authentication
HTTP Method: GET
URL: /*
Parameter: Authorization
Filename: -
Code Location: backend/api/config/jwt.php lines 34-40

Description

The JWT decoder accepts alg=none and skips signature verification entirely. An attacker can forge tokens with arbitrary payloads.

Proof of Concept

Header={"alg":"none","typ":"JWT"}, Payload={"user_id":1,"email":"[email protected]","exp":9999999999}

Remediation

Reject any token whose alg header is not the expected algorithm (HS256): pin the algorithm server-side rather than letting the token header select it, and verify the signature before trusting any claim in the payload.
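As an added illustration of this remediation (example code, not the project's jwt.php), the following stdlib-only Python verifier pins the algorithm server-side and rejects the alg=none token from the proof of concept while still accepting a properly signed HS256 token; SECRET, the helper names and the payload values are constructed for the demo, and the email field is left out.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # constructed; not the project's key
EXPECTED_ALG = "HS256"  # pinned server-side, never taken from the token

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a token the way the backend should: header fixed to HS256."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_jwt(token: str, key: bytes, now=None):
    """Return the payload only if alg is the pinned one, the HMAC matches and exp (required) is in the future."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        return None
    # The TP-011 fix: the server decides the algorithm, so "none" (or any other value) is rejected.
    if not isinstance(header, dict) or header.get("alg") != EXPECTED_ALG:
        return None
    expected_sig = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
            return None
        payload = json.loads(b64url_decode(body_b64))  # parsed only after the signature checks out
    except ValueError:
        return None
    if not isinstance(payload, dict) or payload.get("exp", 0) <= (time.time() if now is None else now):
        return None
    return payload

# The finding's PoC reconstructed (email field omitted): alg=none with an empty signature segment.
FORGED_NONE_TOKEN = b64url_encode(b'{"alg":"none","typ":"JWT"}') + "." + \
    b64url_encode(b'{"user_id":1,"exp":9999999999}') + "."
```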