CVE-2016-5431: explicit alg check & secure hash comparison · nov/jose-php@1cce55e
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component, allowing signature verification to be bypassed via crafted tokens.
@@ -122,14 +122,20 @@ private function _verify($public_key_or_secret, $expected_alg = null) { $segments = explode('.’, $this->raw); $signature_base_string = implode('.’, array($segments[0], $segments[1])); if (!$expected_alg) { # NOTE: might better to warn here $expected_alg = $this->header[‘alg’]; $using_autodetected_alg = true; } switch ($expected_alg) { case 'HS256’: case 'HS384’: case 'HS512’: return $this->signature === hash_hmac($this->digest(), $signature_base_string, $public_key_or_secret, true); if ($using_autodetected_alg) { throw new JOSE_Exception_UnexpectedAlgorithm( ‘HMAC algs MUST be explicitly specified as $expected_alg’ ); } $hmac_hash = hash_hmac($this->digest(), $signature_base_string, $public_key_or_secret, true); return hash_equals($this->signature, $hmac_hash); case 'RS256’: case 'RS384’: case 'RS512’:
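Review bot: `$using_autodetected_alg` is only assigned inside the `if (!$expected_alg)` branch, so when a caller passes an explicit algorithm the new `if ($using_autodetected_alg)` test in the HS256/HS384/HS512 case reads an undefined variable (a notice/warning in PHP, with `null` silently treated as false). Initialise it before the branch: `$using_autodetected_alg = false;` immediately ahead of `if (!$expected_alg) {`. The guard only helps when the library autodetects the alg; a caller that copies `$this->header['alg']` into `$expected_alg` reinstates the confusion, so a docblock line on `_verify` stating that `$expected_alg` must come from the verifier's own configuration, never from the token, is worth adding. `hash_equals()` exists only from PHP 5.6 and expects two strings, so the library's minimum PHP version should be bumped accordingly if it is not already. `_verify`'s body continues past the hunk.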