-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Algorithm confusion with OpenSSH ECDSA keys and other key formats #346
Comments
This vulnerability is now tracked under CVE-2024-33663 |
danigm
added a commit
to danigm/python-jose
that referenced
this issue
May 2, 2024
This change should fix mpdavis#346 security issue. The code is based on pyjwt change: jpadilla/pyjwt@9c52867
danigm
added a commit
to danigm/python-jose
that referenced
this issue
May 2, 2024
danigm
added a commit
to danigm/python-jose
that referenced
this issue
May 2, 2024
On decode, require algorithms to be specified to avoid algorithm confusion when verify_signature is True. This is similar to what pyJWT is doing in https://github.com/jpadilla/pyjwt/blob/master/jwt/api_jwt.py#L146-L149 See mpdavis#346
Merged
13 tasks
danigm
added a commit
to danigm/python-jose
that referenced
this issue
May 31, 2024
This change should fix mpdavis#346 security issue. The code is based on pyjwt change: jpadilla/pyjwt@9c52867
dalf
added a commit
to bitem-heg-geneve/CellTriage-api
that referenced
this issue
Jul 29, 2024
The webapp does not use JWT python-jose seems unmaintained: * mpdavis/python-jose#340 * CVE --> mpdavis/python-jose#346 Possible remplacement: * pyjwt: https://github.com/jpadilla/pyjwt * joserfc: https://github.com/authlib/joserfc
dalf
added a commit
to bitem-heg-geneve/CellTriage-api
that referenced
this issue
Jul 29, 2024
The webapp does not use JWT python-jose seems unmaintained: * mpdavis/python-jose#340 * CVE --> mpdavis/python-jose#346 Possible remplacement: * pyjwt: https://github.com/jpadilla/pyjwt * joserfc: https://github.com/authlib/joserfc
dalf
added a commit
to bitem-heg-geneve/CellTriage-api
that referenced
this issue
Jul 29, 2024
The webapp does not use JWT python-jose seems unmaintained: * mpdavis/python-jose#340 * CVE --> mpdavis/python-jose#346 Possible remplacement: * pyjwt: https://github.com/jpadilla/pyjwt * joserfc: https://github.com/authlib/joserfc
Hi ! is this something that 's planned to be fixed? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue description
If the
algorithm
field is left unspecified when callingjwt.decode
, the library will allow HS256 verification with OpenSSH ECDSA public keys, and similar key formats. PyJWT had this excact same issue/vulnerability, tracked under CVE-2022-29217The issue stems from two sources:
algorithms
field injwt.decode
is not mandatory, allowing developers to shoot themselves in the footIn the file jose/backends/cryptography_backend.py, lines 555-560, the list
invalid_strings
is defined as a blacklist against public key prefixes. This is to disallow the verification of HMAC tokens with asymmetric public keys.This is not adequate protection, as any public key which does not contain these prefixes would slip through the cracks. Like for example OpenSSH ECDSA public keys.
Proposed solution
Same solution as for the patch for CVE-2022-29217. A more thorough, comprehensive check of whether the verifying key is asymmetric, see here.
Also make non-usage of the
algorithms
keyword throw an exception, or at the very least a warning, so that the developer at least knows they are doing something silly by not using it.Proof-of-Concept
Here is a simplified Proof-of-Concept using pycryptodome for key generation that illustrates one way this could be exploited
The text was updated successfully, but these errors were encountered: