CVE-2016-10555

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Высокий

Описание

Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

Ссылки

https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
Broken Link
Third Party Advisory
https://github.com/hokaccha/node-jwt-simple/pull/14
Issue Tracking
Third Party Advisory
https://github.com/hokaccha/node-jwt-simple/pull/16
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/87
Third Party Advisory
https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
Broken Link
Third Party Advisory
https://github.com/hokaccha/node-jwt-simple/pull/14
Issue Tracking
Third Party Advisory
https://github.com/hokaccha/node-jwt-simple/pull/16
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/87
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jwt-simple_project:jwt-simple:*:*:*:*:*:node.js:*:*

Версия до 0.3.0 (включая)

EPSS

Процентиль: 99%

0.81652

Высокий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20

CWE-310

Связанные уязвимости

GHSA-vgrx-w6rg-8fqf

github

больше 7 лет назад

Forgeable Public/Private Tokens in jwt-simple