authentikat-jwt icon indicating copy to clipboard operation
authentikat-jwt copied to clipboard

Published 20 hours ago verified publisher icon jasongoodwin

JWT algorithm specification

Open natefrechette opened this issue 9 years ago • 3 comments

As per the recent JWT vulnerability concerns, (https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/), I was looking into the JsonWebToken.validate() method in this library and was interesting in forking off and adding an algorithm parameter to the validate method to avoid this recent vulnerability of being able to specify your own encryption algorithm. I will work on this today, and would appreciate any feedback if any.

Nate

natefrechette avatar Jul 13 '15 15:07 natefrechette

Hey Nate - ya fork and send a pull request - I'll gladly have a look and appreciate the efforts! On Jul 13, 2015 11:44 AM, "Nate Frechette" [email protected] wrote:

As per the recent JWT vulnerability concerns, ( https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/), I was looking into the JsonWebToken.validate() method in this library and was interesting in forking off and adding an algorithm parameter to the validate method to avoid this recent vulnerability of being able to specify your own encryption algorithm. I will work on this today, and would appreciate any feedback if any.

Nate

— Reply to this email directly or view it on GitHub https://github.com/jasongoodwin/authentikat-jwt/issues/15.

jasongoodwin avatar Jul 14 '15 11:07 jasongoodwin

Just an update here, because I ran into something similar since we're using this library in our project as well. Although I feel the API of validate could be more explicit in also requiring an algorithm parameter, from what I can tell the mentioned vulnerability is not exploitable here.

Generating a token with none as the algorithm, results in a JWT string without the signature part. Calling validate on such a token string always results in false, since the validate expects a token with format header.claims.signature; anything else is rejected.

Manually appending a signature doesn't seem to bypass this either. In case of algorithm none, the validate function generates an empty signature which is then compared to the provided signature, which won't match.

dmeenhuis avatar Aug 27 '15 12:08 dmeenhuis

I'm removing the validate in future versions (1.0.0) as I'm implementing RSA. The user must produce the verifier explicitly then to deal with this.

Thanks for looking at this again.

jasongoodwin avatar Jan 24 '16 21:01 jasongoodwin