Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upMake algorithm option required to verify signature #184
Conversation
If the algorithm is not provided and the one in the token's header is used instead, we might be vulnerable to the attack explained here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ For ex: A server expecting an RSA signed token would do this: `JWT.decode(token, rsa_public)` So an attacker can potentially sign a token with HS256 using the same RSA public key (which is publicly available), and the server will think it's valid. `JWT.encode({ user: 1 }, rsa_public, 'HS256')` This doesn't seem to be exploitable right now because the current implementation of OpenSSL::HMAC.digest expects a string as the key, so if rsa_public is an OpenSSL::PKey::RSA object, JWT.decode will raise an error. But it would be better not to depend on this OpenSSL::HMAC.digest behavior
|
Thanks for fixing this security issue. |
This was referenced Sep 6, 2017
jurriaan
added a commit
to jurriaan/signet
that referenced
this pull request
Sep 15, 2017
This version of ruby-jwt requires specification of the algorithm (see jwt/ruby-jwt#184) for more information.
jurriaan
added a commit
to jurriaan/google-auth-library-ruby
that referenced
this pull request
Sep 15, 2017
This version of ruby-jwt requires specification of the algorithm (see jwt/ruby-jwt#184) for more information. I've created a PR on signet to. That has to be merged before ruby-jwt 2.0 can be really used (see googleapis/signet#93). Tested locally against ruby-jwt 2.0 and 1.5.6.
jurriaan
added a commit
to jurriaan/google-auth-library-ruby
that referenced
this pull request
Sep 15, 2017
This version of ruby-jwt requires specification of the algorithm (see jwt/ruby-jwt#184) for more information. I've created a PR on signet to. That has to be merged before ruby-jwt 2.0 can be really used (see googleapis/signet#93). Tested locally against ruby-jwt 2.0 and 1.5.6.
jurriaan
added a commit
to jurriaan/google-auth-library-ruby
that referenced
this pull request
Sep 15, 2017
This version of ruby-jwt requires specification of the algorithm (see jwt/ruby-jwt#184) for more information. I've created a PR on signet to. That has to be merged before ruby-jwt 2.0 can be really used (see googleapis/signet#93). Tested locally against ruby-jwt 2.0 and 1.5.6.
jurriaan
added a commit
to jurriaan/signet
that referenced
this pull request
Sep 18, 2017
This version of ruby-jwt requires specification of the algorithm (see jwt/ruby-jwt#184) for more information.
dazuma
added a commit
to googleapis/signet
that referenced
this pull request
Oct 4, 2017
* Support ruby-jwt 2.0 This version of ruby-jwt requires specification of the algorithm (see jwt/ruby-jwt#184) for more information. * Use specific version of JRuby to fix CI for now
oleksandrbyk
added a commit
to oleksandrbyk/olek-google-auth-library
that referenced
this pull request
Mar 4, 2019
This version of ruby-jwt requires specification of the algorithm (see jwt/ruby-jwt#184) for more information. I've created a PR on signet to. That has to be merged before ruby-jwt 2.0 can be really used (see googleapis/signet#93). Tested locally against ruby-jwt 2.0 and 1.5.6.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
EmilioCristalli commentedJan 17, 2017
Looks like this was discussed before in #107, which was closed with a README update specifying the algorithm was required, but it doesn't seem like the code is actually requiring it.
If the algorithm is not provided and the one in the token's header is used
instead, we might be vulnerable to the attack explained here:
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
For ex:
A server expecting an RSA signed token would do this:
JWT.decode(token, rsa_public)So an attacker can potentially sign a token with HS256 using the same RSA public
key (which is publicly available), and the server will think it's valid.
JWT.encode({ user: 1 }, rsa_public, 'HS256')This doesn't seem to be exploitable right now because the current implementation
of OpenSSL::HMAC.digest expects a string as the key, so if rsa_public is an
OpenSSL::PKey::RSA object, JWT.decode will raise an error. But it would be
better not to depend on this OpenSSL::HMAC.digest behavior