JWT algorithm specification

jasongoodwin / authentikat-jwt

JWT Scala Implementation - Claims based auth for Scala.

Apache License 2.0

133 stars 45 forks source link

JWT algorithm specification #15

Open natefrechette opened 9 years ago

natefrechette commented 9 years ago

As per the recent JWT vulnerability concerns, (https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/), I was looking into the JsonWebToken.validate() method in this library and was interesting in forking off and adding an algorithm parameter to the validate method to avoid this recent vulnerability of being able to specify your own encryption algorithm. I will work on this today, and would appreciate any feedback if any.

Nate

jasongoodwin commented 9 years ago

Hey Nate - ya fork and send a pull request - I'll gladly have a look and appreciate the efforts! On Jul 13, 2015 11:44 AM, "Nate Frechette" notifications@github.com wrote:

As per the recent JWT vulnerability concerns, ( https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/), I was looking into the JsonWebToken.validate() method in this library and was interesting in forking off and adding an algorithm parameter to the validate method to avoid this recent vulnerability of being able to specify your own encryption algorithm. I will work on this today, and would appreciate any feedback if any.

Nate

— Reply to this email directly or view it on GitHub https://github.com/jasongoodwin/authentikat-jwt/issues/15.

dmeenhuis commented 9 years ago

Just an update here, because I ran into something similar since we're using this library in our project as well. Although I feel the API of validate could be more explicit in also requiring an algorithm parameter, from what I can tell the mentioned vulnerability is not exploitable here.

Generating a token with none as the algorithm, results in a JWT string without the signature part. Calling validate on such a token string always results in false, since the validate expects a token with format header.claims.signature; anything else is rejected.

Manually appending a signature doesn't seem to bypass this either. In case of algorithm none, the validate function generates an empty signature which is then compared to the provided signature, which won't match.

jasongoodwin commented 8 years ago

I'm removing the validate in future versions (1.0.0) as I'm implementing RSA. The user must produce the verifier explicitly then to deal with this.

Thanks for looking at this again.