PT-2020-14289 · Ory · Ory Fosite

Published

2020-09-24

·

Updated

2021-11-18

·

CVE-2020-15222

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

ORY Fosite versions prior to 0.31.0

Description

When a client authenticates with the "private_key_jwt" method, the uniqueness of the jti claim in the client assertion is not checked. The OpenID Connect Core specification requires jti to be unique precisely so that an assertion cannot be reused. Fosite, and therefore ORY Hydra, which is built on it, did not enforce this, so an attacker who obtains a valid client assertion (the CVSS vector's UI:R reflects that it must first be captured) can replay it to authenticate as that client for as long as the assertion remains valid.

Recommendations

Update ORY Fosite, and products built on it such as ORY Hydra, to version 0.31.0 or later. Until the update can be deployed, disable the "private_key_jwt" client authentication method, or restrict it to the smallest set of clients that need it, to limit exposure. To confirm the fix, present the same client assertion to the token endpoint twice; the second request must be rejected.
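
The Go program below is added here as an illustration of the missing check and one way to implement it; it is not code from Fosite or Hydra. It models a token endpoint's private_key_jwt authentication with a hand-rolled JWS: with RequireJTI set to false it reproduces the behaviour described above (a captured assertion authenticates again), with RequireJTI set to true it records every jti until the assertion's exp and rejects a second presentation. All names (Authenticator, jtiStore, signEdDSA, verifyEdDSA, the client_id "app-1", the endpoint URL) and the sample data are constructed for the example, and Ed25519 (alg EdDSA) is used only to keep it dependency-free; real deployments mostly register RSA or EC keys, which changes nothing about the jti logic.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"sync"
	"time"
)

var b64 = base64.RawURLEncoding

// Claims of a private_key_jwt client assertion (RFC 7523, OIDC Core section 9).
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Jti string `json:"jti,omitempty"`
	Exp int64  `json:"exp"`
}

// signEdDSA builds a compact JWS (alg EdDSA, RFC 8037) by hand so the example has no dependencies.
func signEdDSA(key ed25519.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c)
	input := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return input + "." + b64.EncodeToString(ed25519.Sign(key, []byte(input)))
}

// verifyEdDSA checks the signature with the client's registered key; the header's alg is never consulted, which rules out alg confusion.
func verifyEdDSA(pub ed25519.PublicKey, tok string) (c Claims, err error) {
	p := strings.Split(tok, ".")
	if len(pub) != ed25519.PublicKeySize || len(p) != 3 {
		return c, errors.New("unknown client or malformed JWT")
	}
	body, err1 := b64.DecodeString(p[1])
	sig, err2 := b64.DecodeString(p[2])
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return c, errors.New("bad encoding or invalid signature")
	}
	err = json.Unmarshal(body, &c)
	return c, err
}

// jtiStore keeps each used jti until its assertion's exp; after that the exp check alone rejects a replay, so entries are purged and memory stays bounded.
type jtiStore struct{ seen sync.Map } // jti -> exp (time.Time)
func (s *jtiStore) markUsed(jti string, exp, now time.Time) bool {
	s.seen.Range(func(k, e interface{}) bool {
		if !now.Before(e.(time.Time)) {
			s.seen.Delete(k)
		}
		return true
	})
	_, dup := s.seen.LoadOrStore(jti, exp) // check and record in one step, safe under concurrent requests
	return !dup
}

// Authenticator models a token endpoint's private_key_jwt client authentication (hypothetical type).
type Authenticator struct {
	Endpoint   string
	Keys       map[string]ed25519.PublicKey // client_id -> registered public key
	RequireJTI bool                         // false reproduces the pre-0.31.0 behaviour
	jtis       jtiStore
}
// Authenticate validates the assertion presented by clientID at time now.
func (a *Authenticator) Authenticate(clientID, assertion string, now time.Time) error {
	c, err := verifyEdDSA(a.Keys[clientID], assertion)
	if err != nil {
		return err
	}
	exp := time.Unix(c.Exp, 0)
	switch {
	case c.Iss != clientID || c.Sub != clientID:
		return errors.New("iss and sub must equal client_id")
	case c.Aud != a.Endpoint:
		return errors.New("audience mismatch")
	case !now.Before(exp):
		return errors.New("assertion expired")
	case a.RequireJTI && (c.Jti == "" || !a.jtis.markUsed(c.Jti, exp, now)): // the check missing before 0.31.0
		return errors.New("jti missing or already used: replay rejected")
	}
	return nil
}

// Demo presents one signed assertion twice to a vulnerable and to a fixed authenticator (constructed client and data).
func Demo() (firstUseOK, replayVuln, replayFixed bool) {
	pub, key, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	const endpoint = "https://as.example/oauth2/token"
	keys := map[string]ed25519.PublicKey{"app-1": pub}
	vuln := &Authenticator{Endpoint: endpoint, Keys: keys}
	fixed := &Authenticator{Endpoint: endpoint, Keys: keys, RequireJTI: true}
	now := time.Now()
	tok := signEdDSA(key, Claims{Iss: "app-1", Sub: "app-1", Aud: endpoint, Jti: "7f2b-once", Exp: now.Add(time.Minute).Unix()})
	firstUseOK = vuln.Authenticate("app-1", tok, now) == nil && fixed.Authenticate("app-1", tok, now) == nil
	replayVuln = vuln.Authenticate("app-1", tok, now.Add(time.Second)) == nil // accepted: the bug
	replayFixed = fixed.Authenticate("app-1", tok, now.Add(time.Second)) == nil // rejected
	return
}
```

Two design points matter in practice. The store only needs to remember a jti until the assertion's exp, because after that the exp check rejects it anyway, so the purge keeps memory bounded without weakening the guarantee; and check-and-record must be a single atomic step (here LoadOrStore), otherwise two concurrent requests carrying the same assertion can both pass. In a deployment with several token-endpoint instances the store has to be shared (for example a database row keyed by jti with a TTL equal to exp) rather than per-process, or the replay only has to hit a different instance.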

Weakness Enumeration

Improper Authentication (CWE-287)
Insufficient Verification of Data Authenticity (CWE-345)

Related Identifiers

CVE-2020-15222
GHSA-V3Q9-2P3M-7G43
GO-2021-0110

Affected Products

Ory Fosite