JWT Algorithm None
Accepting 'none' as a valid JWT signing algorithm lets attackers forge tokens without a secret key.
How It Works
JWT headers carry an 'alg' field. If your verification code accepts 'alg: none', an attacker can strip the signature entirely and craft a token claiming to be any user. The server trusts it because it never checks a real signature.
// BAD: allows attacker to set alg=none and skip signature
jwt.verify(token, secret, { algorithms: ['HS256', 'none'] });

// GOOD: explicitly whitelist only the algorithm you actually use
jwt.verify(token, secret, { algorithms: ['HS256'] });

Real-World Example
CVE-2015-9235 — the original 'alg:none' bypass affected multiple JWT libraries. Auth0 patched their library after researchers showed any user could become an admin by editing the token header.
How to Prevent It
- Always pass an explicit algorithms whitelist to jwt.verify()
- Never include 'none'; never allow 'RS256' and 'HS256' together in the same verifier; and never list any algorithm you don't actually use
- Prefer a battle-tested library like jose instead of rolling your own verification
- Run automated scans to catch algorithm misconfigurations before they reach production
Related Vulnerabilities
ECB Mode (severity: medium)
Using ECB (Electronic Codebook) mode for encryption produces identical ciphertext blocks for identical plaintext blocks, revealing patterns in the encrypted data.
Static IV/Nonce (severity: high)
Using a hardcoded or constant Initialization Vector (IV) or nonce for encryption defeats the purpose of the IV and allows attackers to detect patterns and decrypt data.
Weak Key Size (severity: medium)
Using cryptographic keys shorter than recommended minimums (RSA less than 2048 bits, AES less than 128 bits) makes encryption vulnerable to brute-force attacks with modern hardware.
Certificate Validation Disabled (severity: critical)
Disabling TLS certificate validation with NODE_TLS_REJECT_UNAUTHORIZED=0 or rejectUnauthorized: false allows man-in-the-middle attacks on all HTTPS connections.