W-JWT-NONE: Credential Access

JWT — "none" Algorithm

Server accepts alg=none — forge any payload, strip signature, log in as anyone.

§ Where this technique fits

W-JWT-NONE is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.