- by x32x01
While testing a web app, you find an endpoint that accepts a JWT in the Authorization header.
The server verifies tokens but does not enforce the alg value from a trusted list, and you notice a token signed with alg: "HS256".
You try changing the token header to alg: "none", and the server accepts it.
What’s the most serious impact an attacker could achieve from this vulnerability?
Options
- Steal users’ plain-text passwords from the database
- Forge tokens to impersonate an admin account and gain full app access
- Trigger server-side Remote Code Execution (RCE) immediately
- Cause a Denial of Service (DoS) by flooding token verification requests
Comment your answer below
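The flaw described above next to a hardened check, as an added example that is not part of the original post: a verifier that lets the token's own header decide whether a signature is checked, and one that pins alg to a server-side list. The key, the sample claims and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"   # constructed sample key, not from the post
ALLOWED_ALGS = {"HS256"}           # server-side trusted list (assumption)

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(header, claims, key=None):
    """Build a sample token; an HS256 MAC is attached only when a key is given."""
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if key else b""
    return signing_input + "." + b64url_encode(sig)

def verify_trusting_header(token, key):
    """Flawed: the token's own header decides whether a signature is checked."""
    head, body, sig = token.split(".")
    alg = json.loads(b64url_decode(head)).get("alg")
    if alg == "none":
        return json.loads(b64url_decode(body))   # accepted with no signature at all
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def verify_pinned(token, key):
    """Hardened: alg must be on the server's list and the MAC is always checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    alg = json.loads(b64url_decode(head)).get("alg")
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"algorithm {alg!r} not allowed")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))
```

In production the same pinning is done through the JWT library's own option for allowed algorithms rather than hand-written parsing.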