Skip to main content

embedded-jwk-trust-bypass-node-jose

Embedded JWK Trust Bypass (node-jose)

CVE-2018-0114 affects Cisco’s node-jose library (< 0.11) and allows attackers to forge valid JWTs by embedding their own public key (JWK) inside the JWT header.

The core issue is simple but severe:

The application blindly trusts the JWK provided inside the JWT header and uses it to verify the token signature.

This completely breaks authentication, since an attacker can:

  1. Generate their own RSA key pair
  2. Embed the public key in the JWT header (jwk)
  3. Sign the token with the matching private key
  4. The server verifies the token using the attacker-controlled key and accepts it as valid

Exploitation Strategy

High-level steps

  1. Generate your own RSA key pair
  2. Extract n and e from the public key
  3. Embed them in the JWT header as jwk
  4. Sign the JWT with the matching private key
  5. Set payload to admin=true (or equivalent)
  6. Send forged JWT to the application

Detailed Steps

Step 1: We first Generate New RSA Key with format being JWK from burpsuite:

TODO image

Step 2: Change payload to admin user, then we can use Attack > Embedded JWK feature.

TODO image

Step 3: We are now logged in as admin user.