Discussion:
[OAUTH-WG] JWT: Algorithm choice as an attack vector
Maciej Kwidzinski
2016-10-03 15:46:36 UTC
Permalink
Hi,

Tim McLean describes an attack vector on JWT-protected services in his
blog post: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/

The culprit is relying on the algorithm in the JWT header. The
workaround/recommendation is to ignore the algorithm from the header
and use a predefined one.

The current RFC 7519 does not address this vulnerability.
Will this problem be addressed in the standard?

Best regards,
Maciej Kwidziński
Vladimir Dzhuvinov
2016-10-06 05:11:12 UTC
Permalink
Hi Maciej,

Apps must not accept arbitrary JWTs, neither let the JWT header alone
drive the JWT validation process.

A good app contract will specify which algs and header parameters are
accepted, and discard all JWTs that don't match these rules, before
passing the JWTs for validation to the library.
Post by Maciej Kwidzinski
Hi,
Tim McLean describes an attack vector on JWT-protected services in his
blog post: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
The culprit is relying on the algorithm in the JWT header. The
workaround/recommendation is to ignore the algorithm from the header
and use a predefined one.
The current RFC 7519 does not address this vulnerability.
Will this problem be addressed in the standard?
Best regards,
Maciej Kwidziński
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
Jim Manico
2016-10-09 16:38:11 UTC
Permalink
Post by Vladimir Dzhuvinov
A good app contract will specify which algs and header parameters are
accepted, and discard all JWTs that don't match these rules, before
passing the JWTs for validation to the library.

While this is ideal it's not always practical for authorization servers
that need to support a wide array of algs and header parameters.

This is also why - in addition to a good app contract - these token
should be proof tokens at multiple layers - including mutual TLS.

Aloha, Jim
Post by Vladimir Dzhuvinov
Hi Maciej,
Apps must not accept arbitrary JWTs, neither let the JWT header alone
drive the JWT validation process.
A good app contract will specify which algs and header parameters are
accepted, and discard all JWTs that don't match these rules, before
passing the JWTs for validation to the library.
Post by Maciej Kwidzinski
Hi,
Tim McLean describes an attack vector on JWT-protected services in his
blog post: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
The culprit is relying on the algorithm in the JWT header. The
workaround/recommendation is to ignore the algorithm from the header
and use a predefined one.
The current RFC 7519 does not address this vulnerability.
Will this problem be addressed in the standard?
Best regards,
Maciej Kwidziński
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
--
Jim Manico
Manicode Security
https://www.manicode.com
Loading...