SecPrep

A JWT library accepts `alg: none`. What is the risk?

1. Tokens expire too quickly
2. Anyone can forge a valid token by setting alg to none ✓ correct
3. The payload is encrypted and unreadable
4. Nothing — none is a secure algorithm

A JWT's header includes an `alg` field that names the signing algorithm. When a library accepts `alg: none`, it treats the token as unsigned, so anyone can create a JWT with arbitrary claims (e.g. `{"sub": "admin"}`) simply by stripping the signature and setting `alg` to `none`. The server "validates" the token successfully because it checks no signature at all. Fix: always specify the expected algorithm server-side (e.g. `{ algorithms: ['RS256'] }`) and reject tokens that use any other algorithm, including `none`.

An attacker can forge tokens because no signature is verified.
