Authentication Bypass by Assumed-Immutable Data in jws
CVE-2016-1000223
- jws
Summary
jws before 3.0.0 allows users to select what algorithm the server will use to verify a provided JWT. A malicious actor can use this behaviour to arbitrarily modify the contents of a JWT while still passing verification. For the common use case of the JWT as a bearer token, the end result is a complete authentication bypass with minimal effort.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-302 - Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.