JWT none
https://twitter.com/__agwa/status/1288953720668119045 [twitter.com]
2020-08-01 01:46
Every time there is another JWS/JWT vulnerability involving “alg“:“none” (like today, lolsob), people focus on the “none” part. But the real problem is the “alg” part.
source: white