Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Metadata
ID:javascript-node-security/jwt-weak-encryption
Language: JavaScript
Severity: Warning
Category: Security
Description
Do not use none as a validation algorithm for a JWT token. The none algorithm assumes that the token has been verified, which would allow attacker to create a token that would be automatically validated.
Never use the none algorithm, always use a valid algorithm as directed by the documentation.