oss-sec mailing list archives
perl Crypt::JWT vulnerability
From: Jeremy Choi <jechoi () redhat com>
Date: Fri, 7 Sep 2018 09:54:02 +1000
A vulnerability that might allow authentication bypass was discovered by myself in the Perl Crypt::JWT package prior to 0.023 (fix - https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c ).

## Details (JWT.pm)

    606   # key
    607   my $key = defined $args{keypass} ? [$args{key}, $args{keypass}] : $args{key};
    608   my $kid = exists $header->{kid} ? $header->{kid} : $unprotected_header->{kid};
    609   if (!defined $key && defined $kid && $args{kid_keys}) {
    610     my $k = _kid_lookup($kid, $args{kid_keys}, $alg);
    611     $key = $k if defined $k;
    612   }
    613   # if no key given, try to use 'jwk' value from header
    614   $key = $header->{jwk} if !$key && $header->{jwk};

The vulnerability comes from line 614. If no 'kid' is given, 'jwk' will be used instead. Where 'RS256' is set as alg, it's okay as _prepare_rsa_key() will fail. However, if 'HS256' is set, the key from the 'jwk' header is used for decoding.

    ...
    537   elsif ($alg =~ /^HS(256|384|512)$/) { # HMAC integrity
    538     $key = _prepare_oct_key($key);
    539     return 1 if $sig eq hmac("SHA$1", $key, $data);
    540   }
    ...
    65 sub _prepare_oct_key {
    66   my ($key) = @_;
    67   croak "JWT: undefined oct key" unless defined $key;
    68   if (ref $key eq 'HASH' && $key->{k} && $key->{kty} && $key->{kty} eq 'oct') {
    69     return decode_b64u($key->{k});
    70   }
    71   elsif (!ref $key) {
    72     return $key;
    73   }

Since the jwk key is a string, it reaches line 72 and then 539 above.

If a project uses Crypt::JWT for its authentication without additional mitigation, it may allow attackers to bypass authentication by providing a token crafted with hmac() with 'HS(256|384|512)'.

I'm requesting a CVE ID through DWF.

Thanks
--
Jeremy Choi / Red Hat Product Security
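The following is an added example, not part of the original post and not code from the Crypt::JWT project: a caller-side guard that keeps key selection out of the token's hands, so the fallback at line 614 is never reached whatever version is installed. The wrapper name `strict_decode` is hypothetical, and the secret and tokens are constructed sample values.

```perl
use strict;
use warnings;
use Carp qw(croak);
use Crypt::JWT qw(encode_jwt decode_jwt);
use Crypt::Misc qw(encode_b64u decode_b64u);
use JSON::PP qw(encode_json decode_json);

# strict_decode() is a hypothetical wrapper, not part of Crypt::JWT.
# The verification key comes only from the caller's configuration.
sub strict_decode {
    my ($token, $key) = @_;

    # Without a configured key the code quoted above reaches line 614,
    # so refuse before decode_jwt() is ever called.
    croak "JWT: no verification key configured"
        unless defined $key && !ref $key && length $key;

    # A compact JWS has exactly three dot-separated segments.
    my @seg = split /\./, ($token // ''), -1;
    croak "JWT: not a compact JWS" unless @seg == 3;

    # Inspect the header before verification; decode_json dies on bad JSON.
    my $header = decode_json(decode_b64u($seg[0]) // '');
    croak "JWT: header is not a JSON object" unless ref $header eq 'HASH';
    croak "JWT: token carries its own key ('jwk' header)"
        if exists $header->{jwk};

    # Pin the algorithm as well as the key.
    return decode_jwt(token => $token, key => $key, accepted_alg => 'HS256');
}

# Constructed sample values, for demonstration only.
my $secret = 'constructed-demo-secret-0123456789';
my $good   = encode_jwt(payload => { sub => 'alice' }, alg => 'HS256', key => $secret);
# Header names a key of its own; the signature segment is filler, not a real MAC.
my $with_jwk = join '.',
    encode_b64u(encode_json({ alg => 'HS256', jwk => 'constructed-header-key' })),
    encode_b64u(encode_json({ sub => 'alice' })),
    encode_b64u('constructed-filler');

for my $case (['good token, configured key', $good,     $secret],
              ['jwk header present',         $with_jwk, $secret],
              ['no key configured',          $good,     undef]) {
    my ($label, @args) = @$case;
    my $claims = eval { strict_decode(@args) };
    print "$label: ", ($claims ? "accepted sub=$claims->{sub}\n" : "rejected: $@");
}
```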