IETF Logo Mail Archive

Re: [OAUTH-WG] JWT: Algorithm choice as an attack vector

Jim Manico <jim@manicode.com> Sun, 09 October 2016 16:38 UTC

Return-Path: <jim@manicode.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F4ED129573 for <oauth@ietfa.amsl.com>; Sun, 9 Oct 2016 09:38:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=manicode-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eq7u3190qzXN for <oauth@ietfa.amsl.com>; Sun, 9 Oct 2016 09:38:13 -0700 (PDT)
Received: from mail-pf0-x234.google.com (mail-pf0-x234.google.com [IPv6:2607:f8b0:400e:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96D39129427 for <oauth@ietf.org>; Sun, 9 Oct 2016 09:38:13 -0700 (PDT)
Received: by mail-pf0-x234.google.com with SMTP id 190so43774422pfv.0 for <oauth@ietf.org>; Sun, 09 Oct 2016 09:38:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=manicode-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=AD/mJCaap8866Y5Z9tRKBNkG82SzrLx7Uunle7lIkLI=; b=djuE3UNQ7dYQ9LuvWaGyM6J1v+VgJERRNgfcuR9LDZhmaRL2T9c4wKFKHohGlo5M+o 51OCNxfULlkU0Em2JZGFioC9DrGHi5Mo5PWfwh7VCSHQRTgIbRA7F2knwl7gqz4zsPPM Qc2oTaroVGxF+Qv/9xN9pNI2xGNoVhnqs2lQQPvOqAIzZ8aI+7AYXDpa3o2ftFlszs4a XwYLVTUfopfg8nYk62HqZBJlnkQ+wrbTux1x/2TDfoiIiE9B47LSlOdiLv41FE+zIfzF L4mslwxdVwIqV5UklM1IKRe9Jlfs7JPVVzmBQOe0FafWcxn4IomZsUyAseUJfEevU78K h04Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=AD/mJCaap8866Y5Z9tRKBNkG82SzrLx7Uunle7lIkLI=; b=L334CNg9/rP9eLUeK2ao7olVNAmuY1D+mvoobJ2FbX6Dc6sDn68KdGwDnYYPBAfRNn E0TkxDv7ChoIXE2BwRaHJgDv+MhC4QfQppedIlyhKJKoBOGpYuzexfxGIRwEua8AYUag LJ6MNPoJj1peazodfjAec/Xhhhg0K/Q2eVi/2yLSMgBB/VnAlJv2HwtCJSs63Dp1pgyZ GSkUoxca/i/umQ9n2g0S6qkkg8413YgTmp8401QDTQk/imQRW52f8jB0YjRoOnw7O3IP ieufH/Omxk39z/z82Y2hu7vfF3d/7sKYFTx6vfMQamTcYoNwmCVlfAAxKz0cCLrS0koc nyWA==
X-Gm-Message-State: AA6/9RlRY25JQ2ILNkymAvJG0ggDBomIHzEzc8nJLBpFPBWOw+AKafLqf9CqgnFx/ZB0du8f
X-Received: by 10.98.208.1 with SMTP id p1mr14372274pfg.44.1476031092948; Sun, 09 Oct 2016 09:38:12 -0700 (PDT)
Received: from heembo.local ([2605:e000:112b:c167:35d4:21ec:8e67:8e04]) by smtp.googlemail.com with ESMTPSA id f86sm28000621pfd.83.2016.10.09.09.38.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 09 Oct 2016 09:38:12 -0700 (PDT)
To: Vladimir Dzhuvinov <vladimir@connect2id.com>, oauth@ietf.org
References: <CAObXGQzoRXC2TSA3Dk8fRF=hB=fuzRamZOPvHDzp7cQcjHR8Yg@mail.gmail.com> <d959b93a-d7a7-94c2-f4fb-29e49b58ce5c@connect2id.com>
From: Jim Manico <jim@manicode.com>
Message-ID: <0cd4f857-1365-98ae-8f1e-e3921311c771@manicode.com>
Date: Sun, 09 Oct 2016 06:38:11 -1000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <d959b93a-d7a7-94c2-f4fb-29e49b58ce5c@connect2id.com>
Content-Type: multipart/alternative; boundary="------------07FEDDB42C9F59BC7BFFE7DF"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/NXjd-K2PEzXJMj8jJi0Cz1_0AK8>
Subject: Re: [OAUTH-WG] JWT: Algorithm choice as an attack vector
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Oct 2016 16:38:15 -0000

> A good app contract will specify which algs and header parameters are
accepted, and discard all JWTs that don't match these rules, before
passing the JWTs for validation to the library.

While this is ideal it's not always practical for authorization servers
that need to support a wide array of algs and header parameters.

This is also why - in addition to a good app contract - these token
should be proof tokens at multiple layers - including mutual TLS.

Aloha, Jim


On 10/5/16 7:11 PM, Vladimir Dzhuvinov wrote:
> Hi Maciej,
>
> Apps must not accept arbitrary JWTs, neither let the JWT header alone
> drive the JWT validation process.
>
> A good app contract will specify which algs and header parameters are
> accepted, and discard all JWTs that don't match these rules, before
> passing the JWTs for validation to the library.
>
>
> On 03/10/16 18:46, Maciej Kwidzinski wrote:
>> Hi,
>>
>> Tim McLean describes an attack vector on JWT-protected services in his
>> blog post: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
>>
>> The culprit is relying on the algorithm in the JWT header. The
>> workaround/recommendation is to ignore the algorithm from the header
>> and use a predefined one.
>>
>> The current RFC 7519 does not address this vulnerability.
>> Will this problem be addressed in the standard?
>>
>> Best regards,
>> Maciej Kwidziński
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

-- 
Jim Manico
Manicode Security
https://www.manicode.com

v2.23.0 | Report a Bug | By Email