JWT Signature Bypass via None Algorithm
Description
The application accepts JSON Web Tokens (JWT) that use the 'none' algorithm, which indicates the token has no cryptographic signature or message authentication code (MAC). JWTs are designed to be digitally signed to ensure data integrity and authenticity, but when the algorithm is set to 'none', the token's payload can be modified by anyone without detection. This occurs when the application fails to validate that incoming tokens use a secure signing algorithm.
Remediation
Configure the application to reject JWTs that use the 'none' algorithm and enforce the use of secure signing algorithms such as HS256, RS256, or ES256. Implement the following measures:
1. Explicitly validate that the JWT algorithm is not 'none' before processing the token
2. Use an allowlist of approved signing algorithms (e.g., RS256, ES256)
3. Ensure the JWT library is configured to reject unsigned tokens
Example validation code:
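    // Assumes the jsonwebtoken package, whose verify() signature is used below
    const jwt = require('jsonwebtoken');

    // Decode without verifying, only to inspect the header
    const decoded = jwt.decode(token, { complete: true });
    // Reject 'none' explicitly, ignoring case ('None', 'NONE', ...)
    if (!decoded || String(decoded.header.alg).toLowerCase() === 'none') {
        throw new Error('Unsigned JWTs are not allowed');
    }
    // Use an allowlist of secure algorithms
    const allowedAlgorithms = ['RS256', 'ES256'];
    const payload = jwt.verify(token, publicKey, {
        algorithms: allowedAlgorithms
    });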
Ensure that your JWT validation library is up to date and properly configured to prevent algorithm substitution attacks.
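The allowlist measure above, shown as an added example that is not part of the original advisory or any library's code: a dependency-free verifier built on Node's crypto module that accepts only HS256 and rejects 'none' in any letter case before the signature is even examined. The function names, the sample secret and the sample claims are assumptions constructed for the demonstration.

```javascript
const crypto = require('crypto');

const ALLOWED_ALGS = ['HS256']; // exact-match allowlist (assumed policy for this demo)
const SECRET = 'constructed-demo-secret'; // constructed sample key, not a real secret

const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns the payload if the token verifies, otherwise throws.
function verifyToken(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = decodePart(h);
  // Allowlist, not denylist: 'none', 'None', 'NONE' and any unknown value all fail here.
  if (!header || !ALLOWED_ALGS.includes(header.alg)) throw new Error('algorithm not allowed');
  // The server picks the verification routine (HMAC-SHA256); the token header never does.
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return decodePart(p);
}

// Builds constructed sample tokens; a null secret yields an unsigned token.
function makeToken(header, payload, secret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = `${enc(header)}.${enc(payload)}`;
  const sig = secret ? crypto.createHmac('sha256', secret).update(input).digest('base64url') : '';
  return `${input}.${sig}`;
}

// Returns 'accepted' or the rejection reason, for easy reporting.
function check(token, secret) {
  try { verifyToken(token, secret); return 'accepted'; } catch (e) { return e.message; }
}

const claims = { sub: 'alice', role: 'user' }; // constructed sample claims
console.log('HS256 ->', check(makeToken({ alg: 'HS256', typ: 'JWT' }, claims, SECRET), SECRET));
for (const alg of ['none', 'None', 'NONE', 'nOnE']) {
  console.log(alg, '->', check(makeToken({ alg, typ: 'JWT' }, claims, null), SECRET));
}
```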