CVE-2022-23541: jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Overview
Versions <=8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the secretOrPublicKey argument from the readme link) will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens.
Am I affected?
You will be affected if your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function.
How do I fix it? Update to version 9.0.0.
Will the fix impact my users?
There is no impact for end users
Other sources
A flaw was found in the jsonwebtoken library. Affected versions of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function will result in incorrect verification of tokens. Using a different algorithm and key combination in verification than what was used to sign the tokens, specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to the successful validation of forged tokens.
Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementation of key retrieval function. By sending a specially-crafted request, an attacker could exploit this vulnerability to forge Public/Private Tokens from RSA to HMAC.
— IBM
jsonwebtoken is an implementation of JSON Web Tokens. Versions <= 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.
— MITRE
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2022-23541?
CVE-2022-23541 is rated as a high severity vulnerability due to the potential for unauthorized access if the key retrieval function is misconfigured.
How do I fix CVE-2022-23541?
To fix CVE-2022-23541, update the jsonwebtoken library to version 9.0.0 or later.
Which versions of jsonwebtoken are affected by CVE-2022-23541?
Versions of the jsonwebtoken library that are affected by CVE-2022-23541 are those up to and including 8.5.1.
Are there any specific products affected by CVE-2022-23541?
Yes, products such as IBM Cognos Analytics versions up to 12.0.2 and versions from 11.2.0 to 11.2.4 FP2 are affected by CVE-2022-23541.
What is the impact of CVE-2022-23541?
The impact of CVE-2022-23541 can include exposure to security risks like unauthorized access to sensitive resources if not properly addressed.