Question 1

What is a JWT algorithm swap attack?

Accepted Answer

A JWT algorithm swap (or confusion) attack exploits servers that accept multiple signing algorithms. An attacker changes the token header from an asymmetric algorithm like RS256 to a symmetric one like HS256, then signs the token using the server's public key as the HMAC secret. If the server does not enforce a specific algorithm, it verifies the forged token successfully, granting unauthorized access.

Question 2

How do I prevent JWT algorithm confusion vulnerabilities?

Accepted Answer

Always enforce the expected signing algorithm on the server side — never trust the algorithm specified in the JWT header. Use allowlists for accepted algorithms and reject tokens that specify anything else. Keep your JWT library up to date, as modern libraries include protections against algorithm confusion. Store signing keys securely and use separate keys for different algorithms.

JWT Algorithm Swap

Challenges

Frequently Asked Questions