PT-2024-10028 · Cjwt · Cjwt

Snyff · Published 2024-12-19 · Updated 2025-01-20 · CVE-2024-54150

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

cjwt versions prior to 2.3.0

Description

The issue is related to algorithm confusion when verifying the type of signature used in JSON Web Tokens (JWT). If a system does not differentiate between HMAC signed tokens and RS/EC/PS signed tokens during verification, it becomes vulnerable to this kind of attack. An attacker could craft a token with the alg field set to "HS256" while the server expects an asymmetric algorithm like "RS256". The server might mistakenly use the wrong verification method, such as using a public key as the HMAC secret, leading to unauthorized access. For RSA, the key can be computed from a few signatures. For Elliptic Curve (EC), two potential keys can be recovered from one signature. This can be used to bypass the signature mechanism if an application relies on asymmetrically signed tokens.

Recommendations

For versions prior to 2.3.0, upgrade to version 2.3.0 or later to address the issue. There are no known workarounds for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable token verification mechanism until a patch is available. Avoid using the alg field in the affected API endpoint until the issue is resolved.
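The confusion described above, shown as a header-driven verifier next to one that pins the algorithm to the key. This is an added example, not code from cjwt or from this advisory; the function names, the placeholder PEM and the sample tokens are constructed assumptions, and only the HS256 path is implemented.

```python
import base64, hashlib, hmac, json

# Constructed placeholder for the server's RSA public key (not a real key).
PUBLIC_KEY_PEM = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n-----END PUBLIC KEY-----\n"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256_sig(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def hs256_token(claims: dict, key: bytes) -> str:
    """Build constructed test input: an HS256 token keyed with `key`."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}." + b64url(hs256_sig(f"{head}.{body}", key))

def verify_header_driven(token: str, key: bytes) -> bool:
    """Flawed pattern: the token's own header decides how `key` is used."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") == "HS256":
        # `key` may be PEM public-key bytes, yet it is used as the HMAC secret.
        return hmac.compare_digest(hs256_sig(f"{head}.{body}", key), b64url_decode(sig))
    return False  # asymmetric verification is outside this example

def verify_pinned(token: str, key: bytes, key_alg: str) -> str:
    """Hardened pattern: the server binds one algorithm to each key."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64url_decode(head)).get("alg")
        raw_sig = b64url_decode(sig)
    except (ValueError, AttributeError):
        return "malformed"
    if alg != key_alg:
        return "alg-mismatch"  # rejected before the key touches any primitive
    if key_alg == "HS256":
        ok = hmac.compare_digest(hs256_sig(f"{head}.{body}", key), raw_sig)
        return "ok" if ok else "bad-signature"
    return "unsupported"  # RS/EC/PS verification needs a crypto library
```

The pinned verifier takes the expected algorithm from server configuration, so a token whose header says "HS256" is refused for a key registered as "RS256" regardless of what its signature bytes contain.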

Exploit

Fix

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

BDU:2025-00161
CVE-2024-54150
GHSA-9H24-7QP5-GP82

Affected Products

Cjwt