Kazaar JWT None Algorithm Vulnerability
Vulnerability
Kazaar versions through 1.25.12 accept JSON Web Tokens (JWTs) whose algorithm field is set to 'none'. The application fails to properly verify token signatures, so tokens with invalid signatures may be accepted. The vulnerability affects all endpoints of the Kazaar application.
Impact
Because a JWT with 'none' in the algorithm field is accepted, signature verification is bypassed, which could lead to unauthorized actions or access within the application.
Reproduction
To reproduce this vulnerability, log into the Kazaar application as any user. Once logged in, select any request and locate the JWT in the cookie field. Decode the token, change the algorithm field to 'none', and replace the original token with the modified one. Send the request; it is accepted and returns a valid response.
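The check whose absence is described above, as an added example that is not Kazaar's code: the verifier pins the algorithm to a server-side allow-list and rejects anything else before looking at the signature. HS256, the key, the claims and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"HS256"}  # assumption: server-side allow-list; the token never picks the algorithm

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token; used here only to build constructed sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify(token: str, key: bytes) -> dict:
    """Return the claims, or raise ValueError if the token must be rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("undecodable token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact match only: rejects "none", "None", a missing alg and anything unlisted.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError(f"algorithm not allowed: {alg!r}")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

if __name__ == "__main__":
    key = b"constructed-test-key"              # constructed sample key
    good = sign_hs256({"sub": "alice"}, key)   # constructed sample token
    none_head = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    unsigned = f"{none_head}.{good.split('.')[1]}."  # regression case from the report
    print("accepted:", verify(good, key))
    try:
        verify(unsigned, key)
    except ValueError as err:
        print("rejected:", err)
```

Keeping the unsigned-token case as a regression test on every endpoint that reads the cookie confirms the fix stays in place.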
