Security · 2h ago
JWT 'alg:none' Flaw Lets CTF Player Bypass Admin Vault
A CTF challenge called NexaVault used a JWT-based authentication that trusted the 'alg' header. By changing the algorithm to 'none', an attacker forged an admin token without the signing key. The server accepted the unsigned token, granting access to the admin panel.
Meridian48 take
This is a textbook JWT misconfiguration that real apps still ship, making the CTF exercise a useful reminder for developers to always reject 'none' algorithm.
jwt-authenticationctf-writeup