JWT Null Signature

Severity: High
CVEs
Classifications
OWASP Category: OWASP API2:2023 Broken Authentication

The "JWT Null Signature" vulnerability occurs when an API accepts a JSON Web Token (JWT) that lacks a signature part. With no signature to verify, attackers can manipulate the token's content, potentially leading to unauthorized access and data tampering.

Example

TODO: write an example
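
As an added illustration (not VulnAPI's code and not part of the original page), the following Python example contrasts a verifier that skips the check when the signature part is empty with one that rejects such tokens. The key, the claims and all function names are constructed for this example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed key, for this example only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def mac(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(claims: dict) -> str:
    """Issue an HS256 token: header.payload.signature."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{head}.{b64url(json.dumps(claims).encode())}"
    return f"{signing_input}.{b64url(mac(signing_input))}"

def verify_vulnerable(token: str) -> dict:
    """Flawed: the MAC is only checked when a signature part is present."""
    head, body, sig = token.split(".")
    if sig and not hmac.compare_digest(mac(f"{head}.{body}"), b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def verify_hardened(token: str) -> dict:
    """Requires three non-empty parts, a pinned alg and a valid MAC."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("malformed token or missing signature")
    head, body, sig = parts
    header = json.loads(b64url_decode(head))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(mac(f"{head}.{body}"), b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def unsigned_copy(token: str, claims: dict) -> str:
    """Constructed test input: original header, edited claims, empty signature."""
    return f"{token.split('.')[0]}.{b64url(json.dumps(claims).encode())}."

def accepted(verify, token: str) -> bool:
    try:
        verify(token)
        return True
    except ValueError:
        return False
```

Running both verifiers over a token from `issue()` and its `unsigned_copy()` shows the difference: the flawed verifier returns the edited claims, while the hardened one raises before the payload is ever parsed.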

How to test?

If you want to test only the "JWT Null Signature" vulnerability, you can use the following command:

vulnapi scan <curl|openapi|graphql> --scans jwt.null_signature [url]

VulnAPI supports scanning against various types of other JWT vulnerabilities as well.

What is the impact?

TODO: write the impact

How to remediate?

TODO: write the remediation