Open postmodern opened 8 months ago
Hi! A sign/encryption attack[1] may lead to authentication bypass, for example: A router will check whether the user's JWT can be verified and consider whether to reject the HTTP request.
In this case, the user can construct a fake JWE to bypass this restriction.
JWcrypto[2] has also fixed this problem.
References
> A router will check whether the user's JWT can be verified and consider whether to reject the HTTP request.

But is that actually possible in a real application using json-jwt? The maintainer says that the JWT and JWE objects are different enough that using a decoded JWE object in place of a decoded JWT object would probably result in a NoMethodError exception. Could you try reproducing this in an example Ruby app?
It's certainly possible. What I mean is that JWT.decode can also be used to verify the JWT; it does not necessarily need to be used to parse its content.
Hello, the maintainer of json-jwt contests whether it is even possible to create an application that is vulnerable to CVE-2023-51774. Could you create a PoC web application that demonstrates how to exploit CVE-2023-51774?