software composition analysis
Product
SAST
Catch vulnerabilities as you develop DAST
Test live web applications like an attacker SCA
Secure open-source and supply chain MAST
Secure mobile apps from code to store Compliance
Align with standards while shipping secure code
Resources
Vulnerability database Healthy Package
Blog News
Documentation
Pricing Partners About Us Log In
software composition analysis

Kotlin : JWT: None Algorithm

Classification

OWASP Top 10 2013 A6-Sensitive Data Exposure A7-Missing Function Level Access Control OWASP Top 10 2017 A3-Sensitive Data Exposure A5-Broken Access Control OWASP Top 10 2021 A2-Cryptographic Failures A1-Broken Access Control OWASP MASVS V8: 8.13.(L1+R/L2+R) OWASP ASVS Stored Cryptography PCI DSS 4.0 4.2.1 HIPAA §164.312 (a)(1) §164.312 (d) CWE CWE-303

Overview

A JWT token is a string consisting of three parts, each of which is encoded using base64: headline, payload and signature. The base64 encoding does not encrypt or protect the data, but only represents it in an ASCII character sequence. In the first part - token header - the signature algorithm is specified. The algorithm may not exist. The none algorithm may cause the application to be compromised.

This algorithm is used when the integrity of the token is already verified. Some libraries perceive tokens with an algorithm such as validated tokens. An attacker can create “signed” tokens and add any payload. This will allow for random access to the account on the system and, as a result, compromise the application.

References

  1. What is JSON Web Token?
  2. Critical vulnerabilities in JSON Web Token libraries

See also

Kotlin : Hidden HTML field
Kotlin : Path manipulation
Kotlin : Cookie: transmission not over SSL