Algorithm confusion when verifying JSON Web Tokens with asymmetric public keys about authlib HOT 5 CLOSED

@stigtsp It seems fixed, the patch basically introduces a blocklist of public key formats when verifying with HMAC. I was not able to bypass this blocklist. But the patch could be much improved by requiring the developer to specify which algorithm is to be used (see patch for CVE-2022-29217). That way we would know for sure, rather than hoping the blocklist is comprehensive.

from authlib.

Released v1.3.1

from authlib.

This vulnerability is now tracked under CVE-2024-37568.

After testing, the patch provided in 1.3.1 seems adequate for any imminent exploitation of the vulnerability. However, for future releases, I would recommend the following:

1. Also make the algorithms field mandatory when decoding, or at the very least throw a warning when not used. The current patch resisted initial security testing by me, but there may be key formats not accounted for. Solving the root cause of this issue would be preferable.
2. Improve the error message when doing HMAC verification with a public key to more explicitly say what the problem is. I don't think the message "This key may not be safe to import" is adequately intuitive to help developer understand if their usage of the library is secure or not. A message such as "Asymmetric key formats may not be used with HMAC verification" would be much better.

Closing issue in faith that the above gets addressed in time. @lepture

from authlib.

@milliesolem Does this mean that CVE-2024-37568 is not fixed by v1.3.1?

from authlib.

@stigtsp @milliesolem it is a little hard to keep the compatibility while improve the security. I've changed the behavior in joserfc, you should not pass a string or bytes as the key now.

https://jose.authlib.org/en/
https://github.com/authlib/joserfc/blob/main/src/joserfc/jwk.py#L81

from authlib.