[&] What happens if a server blindly trusts the algorithm field in a JWT header?
- It reads the payload but ignores the header
- It sends an error due to a mismatch in encryption methods
- It may accept a forged token with an algorithm set to 'none' -- Correct
- It encrypts the token using the specified algorithm

[&] What is a primary cause of the 'none' algorithm vulnerability in JSON Web Tokens (JWT)?
- Strong encryption methods in the JWT header
- Misconfiguration that allows tokens without a signature -- Correct
- Use of outdated cryptographic libraries
- Excessive token expiration times

[&] What potential threat does altering a JWT's payload present?
- Token expiration mismanagement
- Unauthorized data encryption
- Identity impersonation or privilege escalation -- Correct
- The ability to generate new JWT keys

[&] How does setting the JWT algorithm to 'none' affect token validation?
- It bypasses the signature verification -- Correct
- It improves the security of the token
- It ensures the payload is encrypted
- It allows only read-only access to the payload

[&] How can an attacker exploit the 'none' algorithm vulnerability in a JWT?
- By changing the token expiration
- By bypassing token signing entirely -- Correct
- By adding a stronger signature
- By encrypting the payload

[&] What role does the JWT header play in the 'none' algorithm vulnerability?
- It specifies the token expiration
- It defines the signing algorithm used -- Correct
- It requires strict encryption methods
- It determines the token issuer