Exploit ‘none’ Algorithm in JWT

Exploit ‘none’ Algorithm in JWT

What is none algorithm in JWT?

JWT RFC describes unsecured JWTs where there is no signature present. Such unsecured tokens have a header alg parameter set to none.

{"alg":"none"}

How to create a JWT token with the none algorithm?

To create a JWT token, you can use any programming language and any JWT library you like.

In my example I use Java and io.jsonwebtoken JJWT library. Please, note that I don’t use signWith method anywhere in my code, thus the generated token will not have any signing algorithm set up, implicitly having none algorithm configured.

Jwts.builder()
    .setSubject(subject)
    .setIssuedAt(Date.from(now()))
    .setIssuer("jwt-demo")
    .setExpiration(Date.from(now().plus(ofDays(1))))
    .compact();

When is an application vulnerable?

An application is vulnerable when it doesn’t verify the signature nor algorithm set in a token. It may happen due to a misleading library design where decode and verify functions are not properly distinguished. Unfortunately, that’s the case of io.jsonwebtoken JJWT. The library provides two methods parse and parseClaimsJws. The parse method decodes a token but doesn’t verify its signature. The parseClaimsJws method decodes a token and verifies its signature.

The below code is vulnerable:

Jwts.parser()
    .setSigningKey(secretKey)
    .parse(token);

Leave a Reply

Your email address will not be published.