Severity: CRITICAL · CWE-345 · Category: Authentication

JWT 'None' Algorithm Attack

Description

Your JWT verification library accepts tokens signed with the 'none' algorithm, allowing attackers to forge valid tokens without knowing the secret.

How Vezraa Detects It

We craft JWTs with alg: 'none' and test them against your protected endpoints.

Real-World Impact

Complete authentication bypass. An attacker can forge a token for any user by setting the algorithm to 'none' and omitting the signature.

Fix Example

const jwt = require('jsonwebtoken');

// BAD — no algorithm allow-list; a verifier that honours the token's own
// alg header can accept alg: 'none' and skip signature checking entirely.
jwt.verify(token, secret);

// GOOD — pin the accepted algorithm server-side; a token whose header
// claims any other algorithm, including 'none', is rejected.
jwt.verify(token, secret, { algorithms: ['HS256'] });

Affected Stacks

JWT · Node.js · Python · All JWT implementations
