Does this affect node-jsonwebtoken?
http://blog.intothesymmetry.com/2017/03/critical-vulnerability-in-json-web.html
Another recent article:
https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid
The "None" algorithm is particularly problematic.
Found this article from 2015 - but would like someone from Auth0 to officially chime in:
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
@simoami It looks like if you provide a secretOrPublicKey then verify won't accept alg: "none". Not sure about the vulnerability described in http://blog.intothesymmetry.com/2017/03/critical-vulnerability-in-json-web.html
@juhamust node-jsonwebtoken does not implement JWK/JWE so you're fine. There is no encryption done here (besides the standard base64 encoding/decoding which makes up a JWT).
node-jsonwebtoken is only used for JWS/JWT.
Note: A JWS is a _signed_ JWT.
@randallbpotter15 not an issue here either. The article points out a common vulnerability in many JWT packages, namely that the verify method does not require an algorithm be defined.
If you take a look at the README.md for this project and look under:
jwt.verify(token, secretOrPublicKey, [options, callback])
....you will see that we can actually define the algorithm in options.
Thanks for the info. I'll consider the issue closed for now.
I've answered this on behalf of Auth0 on a related issue here: https://github.com/auth0/node-jsonwebtoken/issues/321#issuecomment-286734923
What about this article?
http://blog.websecurify.com/2017/02/hacking-json-web-tokens.html
Hi @Santinell, in the case of the attack you metioned your server is using RS256 (or other asymmetric algorithm) for signing but you allow other algorithms on verifying based on JWT token header and using same secret (the public key).
By default the library performs some checks to the secret you pass on verifying, so if your server is passing a public key to verify it won't allow symmetric algorithms to be used and it will fail with invalid algorithm error.
However, if you pass in the verify() options { algorithms: ['HS256', 'RS256'] } and the secret is your public key, then you are opening your server to this attack.
Most helpful comment
@randallbpotter15 not an issue here either. The article points out a common vulnerability in many JWT packages, namely that the
verifymethod does not require an algorithm be defined.If you take a look at the README.md for this project and look under:
jwt.verify(token, secretOrPublicKey, [options, callback])
....you will see that we can actually define the algorithm in
options.