-
Notifications
You must be signed in to change notification settings - Fork 403
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] JWE is still valid after appending data to the Authenticaton Tag #2201
Comments
This is not a security issue, but should be fixed as it keeps coming up. |
@kellyyangsong, I think it's a duplicate of #1641 (also in scope for .NET9) |
Currentlyvar payload = new JObject()
{
{ JwtRegisteredClaimNames.Email, "[email protected]" },
{ JwtRegisteredClaimNames.GivenName, "Bob" },
{ JwtRegisteredClaimNames.Iss, "http://Default.Issuer.com"},
{ JwtRegisteredClaimNames.Aud, "http://Default.Audience.com" },
{ JwtRegisteredClaimNames.Iat, EpochTime.GetIntDate(DateTime.Parse("2017-03-17T18:33:37.095Z")).ToString() },
{ JwtRegisteredClaimNames.Nbf, EpochTime.GetIntDate(DateTime.Parse("2017-03-17T18:33:37.080Z")).ToString() },
{ JwtRegisteredClaimNames.Exp, EpochTime.GetIntDate(DateTime.Parse("2025-03-17T18:33:37.080Z")).ToString() },
}.ToString();
var jsonWebTokenHandler = new JsonWebTokenHandler();
var signingCredentials = Default.SymmetricSigningCredentials;
var encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaPKCS1, SecurityAlgorithms.Aes128CbcHmacSha256);
var jwe = jsonWebTokenHandler.CreateToken(payload, signingCredentials, encryptingCredentials);
// altering the JWE by appending some stuff to the Authentication Tag
var invalidToken = jwe + "the_token_has_been_tampered_with";
var tokenValidationParameters = new TokenValidationParameters
{
TokenDecryptionKey = KeyingMaterial.RsaSecurityKey_2048,
IssuerSigningKey = Default.SymmetricSigningKey256,
ValidAudience = "http://Default.Audience.com",
ValidIssuer = "http://Default.Issuer.com",
};
var tokenValidationResult = await jsonWebTokenHandler.ValidateTokenAsync(invalidToken, tokenValidationParameters).ConfigureAwait(false);
// tokenValidationResult.IsValid == true Desired Behavior
How
|
@kevinchalet fyi on the comment above, which is a duplicate of #1641 |
Thanks for fixing that 👍🏻 That said, I'm not so sure it's the best approach:
I wonder if simply replacing Line 194 in d40999c
With that in place, I'd expect Lines 429 to 444 in d353b5a
|
@kevinchalet thanks for sharing your thoughts! We took some of your points into consideration - such as utilizing the existing mapping in |
My pleasure! Thanks for tagging me and for fixing this issue 👍🏻 |
Which version of Microsoft.IdentityModel are you using?
System.IdentityModel.Tokens.Jwt 7.1.0-preview
Where is the issue?
Is this a new or an existing app?
This is a new app or an experiment.
Repro
Expected behavior
The validation of the JWE should fail, as the Authentication Tag has been altered, thus no longer valid.
Extracted from RFC 7516, Section 5.2, regarding JWE decryption:
Actual behavior
The JWE is successfully validated when the Authentication Tag has been altered.
Possible solution
Check the actual length of the Authentication Tag and fail the validation if it does not match the expected value, according to the JWE encryption algorithm used.
The text was updated successfully, but these errors were encountered: