You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
0x02 What kind of vulnerability is it? Who is impacted?
This vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
0x03 Vulnerability details
The Proof of Concept (PoC) below demonstrates how this vulnerability can lead to a DoS attack:
This vulnerability is demonstrated by comparing the processing times of a compressed token to an uncompressed token of the same length. The compressed token's processing time is significantly higher, showcasing the vulnerability's potential impact.
Code related to the vulnerability is located at jose.go
To mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also
been adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing
attackers from exploiting this vulnerability with high compression ratio tokens.
Thank you for acknowledging the vulnerability and agreeing on the proposed mitigation strategy. If there's anything more I can help with or further information needed to address this vulnerability, please let me know. I look forward to seeing the implementation and am happy to assist in any way possible to ensure a secure and robust update.
JWT bomb Attack in
decode
function0x01 Affected version
vendor: https://github.com/dvsekhvalnov/jose2go
version: Versions prior to v1.6.0 are vulnerable.
0x02 What kind of vulnerability is it? Who is impacted?
This vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
0x03 Vulnerability details
The Proof of Concept (PoC) below demonstrates how this vulnerability can lead to a DoS attack:
This vulnerability is demonstrated by comparing the processing times of a compressed token to an uncompressed token of the same length. The compressed token's processing time is significantly higher, showcasing the vulnerability's potential impact.
Code related to the vulnerability is located at
jose.go
0x04 Mitigation
To mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also
been adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing
attackers from exploiting this vulnerability with high compression ratio tokens.
0x05 References
[1] CVE-2024-21319
The text was updated successfully, but these errors were encountered: