Starting here:
python-jose/jose/jws.py
Lines 250 to 258 in be8e914
This correctly rejects invalid `alg` headers, as JWT implementations MUST do to be secure.
python-jose/jose/jws.py
Lines 259 to 262 in be8e914
However, the algorithm associated with the key returned from `_get_keys()` is not validated.
python-jose/jose/jws.py
Lines 217 to 247 in be8e914
Which is unfortunate, since the underlying `verify` method expects a `Key` object with the `alg` specified:
python-jose/jose/jws.py
Lines 207 to 208 in be8e914
Consequently, it's possible to use a set of keys with mismatching algorithms (i.e. in frameworks that consume this library), which would in turn make those libraries susceptible to algorithm confusion (see also: the HS256/RS256 attack from a few years ago).
This is identical to the problem in firebase/php-jwt#351 https://seclists.org/fulldisclosure/2021/Aug/14
Note: This particular sharp edge isn't covered by the JWT Best Practices RFC.
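An added example, not python-jose code: a standard-library sketch of the missing check, in which every key of a constructed key set records its own algorithm and verification refuses a key whose algorithm differs from the token's `alg` header. The `KEYS` layout, the `kid` lookup, the `bind_alg` switch (off reproduces the behaviour reported above, for comparison) and all function names are assumptions made for illustration; only HS256 is implemented.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed key set: each key carries the one algorithm it may be used with.
KEYS = {
    "rsa-1": {"alg": "RS256",
              "material": b"-----BEGIN PUBLIC KEY-----\n(constructed)\n-----END PUBLIC KEY-----\n"},
    "hmac-1": {"alg": "HS256", "material": b"constructed-shared-secret"},
}

def hs256(material: bytes, signing_input: bytes) -> bytes:
    return hmac.new(material, signing_input, hashlib.sha256).digest()

def verify(token: str, keys: dict, allowed: set, bind_alg: bool = True) -> dict:
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(head_b64))
    alg = header.get("alg")
    # Check 1 (already present per the report): alg must be on the allow-list.
    if alg not in allowed:
        raise ValueError("algorithm not allowed")
    key = keys.get(header.get("kid"))
    if key is None:
        raise ValueError("unknown key id")
    # Check 2 (the missing one): the selected key must be bound to that alg.
    if bind_alg and key["alg"] != alg:
        raise ValueError("key algorithm does not match token alg")
    if alg != "HS256":
        raise NotImplementedError("only HS256 is implemented in this sketch")
    expected = hs256(key["material"], f"{head_b64}.{body_b64}".encode())
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

def sample_token(kid: str, material: bytes) -> str:
    """Constructed HS256 test token, MACed with the given bytes."""
    head = b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = b64url(json.dumps({"sub": "demo"}).encode())
    return f"{head}.{body}." + b64url(hs256(material, f"{head}.{body}".encode()))
```

With a mixed key set and both algorithms on the allow-list, the allow-list check alone passes a token whose `alg` disagrees with the selected key; the per-key binding is what rejects it.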