Description

A JSON Web Token (JWT) can be digitally signed or MACed to protect it against data tampering. The web application sets the algorithm of the token (the "alg" header value) to "none", which means the token is not signed/MACed and its contents have no tamper protection.

Remediation

Change the token's algorithm from "none" to a secure one, so that the token is signed/MACed.
