HAKATEMIA
02Modules

Do Not Check This Token Thanks - JWT's Notorious 'None' Algorithm

Easy30MIN

"None" Algorithm

One of the "signature algorithms" for JWT is "None", meaning no signature at all. If an application accepts such tokens, even if the developer hasn't considered it, the consequences are catastrophic. A JWT token with "None" as the signature algorithm looks like this:

1 / 7
Hakatemia Pro

Learn to hack — start here

Hundreds of interactive courses, virtual labs and CTF challenges in your browser. Start a free trial — no card required.