JWT Signature Bypass via None Algorithm - Vulnerability Database

Description

A JSON Web Token (JWT) can be digitally signed to protect against data tampering. The web application sets the token's algorithm to "none", which means the token is not signed or MACed.

Remediation

Change the token's algorithm to a secure one.
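
One way to enforce this on the verifying side, as an added example that is not Invicti's code: the verifier pins an allowlist of algorithms and refuses any token whose header names something else, including "none". The choice of HS256, the function names and the key handling are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: this service issues and accepts only HS256 tokens.
ALLOWED_ALGS = ("HS256",)

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a token with an HMAC-SHA256 signature (hypothetical helper)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify(token: str, key: bytes) -> dict:
    """Return the payload, or raise ValueError if the token is not trusted."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict):
        raise ValueError("malformed header")
    # The algorithm is chosen by the server, never by the token: anything
    # outside the allowlist ("none", "None", unknown names) is refused
    # before any signature handling.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"algorithm not allowed: {header.get('alg')!r}")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))
```
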
