Python Jwt None Algorithm
Description
Detects insecure JWT token handling where the 'none' algorithm is used for signing or allowed during verification. This vulnerability allows attackers to forge valid JWT tokens by removing the signature verification requirement, potentially leading to authentication bypass.
Detection Strategy
• Check if JWT libraries (jwt, jose) are imported in the code
• Look for JWT encode operations with algorithm='none' parameter
• Look for JWT decode operations that accept 'none' in the algorithms list parameter
• Monitor both direct function calls and class method invocations of encode/decode operations
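An added example, not Fluid Attacks' own rule implementation, that applies the four steps above to Python source with the standard-library ast module: it gates on a jwt/jose import, then flags encode calls with algorithm="none" and decode calls whose algorithms list contains "none", matching both module-level calls (jwt.encode) and method calls on an object (client.decode). The sample source is constructed for the demonstration.

```python
import ast
from typing import List, Tuple

JWT_MODULES = {"jwt", "jose"}  # libraries the rule cares about


def _is_none_alg(node: ast.AST) -> bool:
    """True when the node is the string literal 'none' (any case)."""
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and node.value.lower() == "none")


def _callee_name(func: ast.AST):
    """Name of the called function: jwt.encode / obj.decode -> attr, encode -> id."""
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def find_jwt_none(source: str) -> List[Tuple[int, str]]:
    """Return (line, message) findings for 'none'-algorithm JWT usage."""
    tree = ast.parse(source)
    imported = set()
    for node in ast.walk(tree):  # step 1: is a JWT library imported at all?
        if isinstance(node, ast.Import):
            imported.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imported.add(node.module.split(".")[0])
    if not imported & JWT_MODULES:
        return []
    findings = []
    for node in ast.walk(tree):  # steps 2-4: direct calls and method calls alike
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node.func)
        for kw in node.keywords:
            if name == "encode" and kw.arg == "algorithm" and _is_none_alg(kw.value):
                findings.append((node.lineno, "encode signs with algorithm='none'"))
            elif (name == "decode" and kw.arg == "algorithms"
                  and isinstance(kw.value, (ast.List, ast.Tuple))
                  and any(_is_none_alg(e) for e in kw.value.elts)):
                findings.append((node.lineno, "decode accepts 'none' in algorithms"))
    return sorted(findings)


# Constructed sample input: two insecure calls (lines 2 and 3) and one secure call.
SAMPLE = """\
import jwt
token = jwt.encode({"user": "admin"}, "", algorithm="none")
claims = jwt.decode(token, "", algorithms=["none", "HS256"])
safe = jwt.decode(token, key, algorithms=["HS256"])
"""

if __name__ == "__main__":
    for line, msg in find_jwt_none(SAMPLE):
        print(f"line {line}: {msg}")
```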
Vulnerable code example
import jwt
payload = {"user": "admin"}
# VULNERABLE: Creates an unsigned JWT token that bypasses signature verification
token = jwt.encode(payload, "", algorithm="none")
# VULNERABLE: Accepts unsigned tokens, enabling token forgery...
Secure code example
import jwt
import os
# Load secret from environment variable - never hardcode secrets
secret_key = os.getenv('JWT_SECRET_KEY')
if not secret_key:
    raise ValueError("JWT_SECRET_KEY environment variable must be set")
...