Description
This example has a serious security concern. If the advice is followed, it can leave the server open to attack.
The article is a good overview of JWT and how to generate and inspect JWTs. However, someone reading might naively use the examples without context as a basis for actual production code.
The example has the following code:
```python
header_data = jwt.get_unverified_header(token)
payload_data = jwt.decode(
    token,
    key=secret,
    algorithms=[header_data['alg'], ]
)
```
The vulnerability here is that the JWT token could contain the alg "none". This would bypass signature validation and allow an attacker to forge any token without having to know the secret.
RFC 8725 has best practices for JWT tokens:
2.1 "The algorithm can be changed to "none" by an attacker, and some libraries would trust this value and "validate" the JWT without checking any signature."
3.1 "each key MUST be used with exactly one algorithm, and this MUST be checked when the cryptographic operation is performed."
I recommend changing the examples to remove any usage of algorithms=[header_data['alg'], ]. Someone blindly copy/pasting would not understand the implications of this and could introduce the vulnerability into their production code. Only a hard-coded algorithms list should be used.
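The difference between the two patterns, as an added example that is not part of the original issue or the article it discusses: a minimal standard-library verifier written for this illustration (it is not PyJWT, and it models the kind of library RFC 8725 section 2.1 describes) is called once with the allow-list read from the token's own header and once with a hard-coded list. The secret, the claims and all function names are constructed for the example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed sample key, not a real secret

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(payload: dict, alg: str, key: bytes = b"") -> str:
    """Build a compact JWT; only HS256 tokens carry a signature."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": alg, "typ": "JWT"}, payload)]
    signing_input = ".".join(parts)
    sig = b""
    if alg == "HS256":
        sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify(token: str, key: bytes, allowed: list) -> dict:
    """Verify against an allow-list; 'none' means no signature check at all."""
    head_b64, body_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(head_b64)).get("alg")
    if alg not in allowed:
        raise ValueError(f"algorithm {alg!r} is not allowed")
    if alg == "HS256":
        expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("signature mismatch")
    elif alg != "none":
        raise ValueError(f"algorithm {alg!r} is not supported")
    return json.loads(b64url_decode(body_b64))

def decode_trusting_header(token: str, key: bytes) -> dict:
    """Pattern from the issue: the token chooses its own allow-list."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    return verify(token, key, allowed=[header["alg"]])

def decode_pinned(token: str, key: bytes) -> dict:
    """Recommended pattern: the server hard-codes the one algorithm it issues."""
    return verify(token, key, allowed=["HS256"])

if __name__ == "__main__":
    unsigned = make_token({"sub": "admin"}, alg="none")  # constructed input
    print("header-trusting:", decode_trusting_header(unsigned, SECRET))
    try:
        decode_pinned(unsigned, SECRET)
    except ValueError as err:
        print("pinned:", err)
```

The header-trusting call returns the claims of an unsigned token even though a secret was supplied, while the pinned call rejects it before any payload is used.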