02Modules
Do Not Check This Token Thanks - JWT's Notorious 'None' Algorithm
Easy30MIN
"None" Algorithm
One of the "signature algorithms" for JWT is "None", meaning no signature at all. If an application accepts such tokens, even if the developer hasn't considered it, the consequences are catastrophic. A JWT token with "None" as the signature algorithm looks like this:

1 / 7
Hakatemia Pro
Learn to hack — start here
Hundreds of interactive courses, virtual labs and CTF challenges in your browser. Start a free trial — no card required.