Kotlin : JWT: None Algorithm
Classification
OWASP Top 10 2013: A6-Sensitive Data Exposure, A7-Missing Function Level Access Control
OWASP Top 10 2017: A3-Sensitive Data Exposure, A5-Broken Access Control
OWASP Top 10 2021: A2-Cryptographic Failures, A1-Broken Access Control
OWASP MASVS: V8: 8.13 (L1+R/L2+R)
OWASP ASVS: Stored Cryptography
PCI DSS 4.0: 4.2.1
HIPAA: §164.312 (a)(1), §164.312 (d)
CWE: CWE-303
Overview
A JWT token is a string consisting of three base64-encoded parts: header, payload and signature. Base64 encoding does not encrypt or protect the data; it only represents it as an ASCII character sequence. The first part, the token header, specifies the signature algorithm. That algorithm may also be none, and the none algorithm may cause the application to be compromised.
The none algorithm is meant for tokens whose integrity has already been verified by other means. Some libraries treat tokens carrying this algorithm as already validated tokens. An attacker can therefore create "signed" tokens with any payload, gaining arbitrary access to accounts on the system and, as a result, compromising the application.
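The check a verifier must perform, as an added Kotlin example that is not from the original page: the server allow-lists the algorithm it expects (HS256 here) instead of trusting the alg field, so a token whose header says none is rejected before any signature logic runs. The secret, the function names and the sample tokens are constructed for illustration; only the JDK's javax.crypto and java.util.Base64 are used.

```kotlin
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Placeholder secret for the example; a real service loads it from configuration.
private val secret = "replace-with-a-real-256-bit-secret".toByteArray()
private val b64 = Base64.getUrlDecoder()

// Returns the payload JSON only if the token carries a valid HS256 signature.
// Returns null for alg "none", for any other algorithm, and for a bad signature.
fun verifyHs256(token: String): String? {
    val parts = token.split('.')
    if (parts.size != 3) return null
    val header = String(b64.decode(parts[0]))
    // The server decides which algorithm is acceptable, never the token header.
    val alg = Regex("\"alg\"\\s*:\\s*\"([^\"]*)\"").find(header)?.groupValues?.get(1)
    if (alg != "HS256") return null
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(SecretKeySpec(secret, "HmacSHA256"))
    val expected = mac.doFinal("${parts[0]}.${parts[1]}".toByteArray())
    val actual = try { b64.decode(parts[2]) } catch (e: IllegalArgumentException) { return null }
    // Constant-time comparison so the check itself does not leak timing information.
    if (!MessageDigest.isEqual(expected, actual)) return null
    return String(b64.decode(parts[1]))
}

fun main() {
    val enc = Base64.getUrlEncoder().withoutPadding()
    val payload = enc.encodeToString("""{"sub":"alice","role":"user"}""".toByteArray())
    // Constructed token with alg "none" and an empty signature segment; must be rejected.
    val noneHeader = enc.encodeToString("""{"alg":"none","typ":"JWT"}""".toByteArray())
    println("none token accepted? " + (verifyHs256("$noneHeader.$payload.") != null))
    // Constructed token properly signed with the shared secret, for comparison.
    val hsHeader = enc.encodeToString("""{"alg":"HS256","typ":"JWT"}""".toByteArray())
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(SecretKeySpec(secret, "HmacSHA256"))
    val sig = enc.encodeToString(mac.doFinal("$hsHeader.$payload".toByteArray()))
    println("HS256 token payload: " + verifyHs256("$hsHeader.$payload.$sig"))
}
```

When a JWT library is used instead of hand-rolled verification, the same principle applies: configure the library with the single expected algorithm and key rather than letting it select the algorithm from the token header.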