Query PR
github/codeql#14075
Language
Java
CVE(s) ID list
CWE
No response
Report
Some functions/methods of some JWT packages do not verify the JWT signature, and sometimes developers use them by mistake. If developers are using this intentionally, then they should be careful about future contributions, so I think, especially in open source projects, using this method is not recommended.
Also, I wrote a query that improves the current hardcoded JWT secret keys query, because some JWT packages use a function as input to return the secret under some conditions that developers specify. I used two taint module configurations: one for finding these functions, and the second for any constant key that can be tainted to the return value of these key functions. So with this, we can be sure that we can find the right constant secret key (if it exists). I found some results with MRVA which are new!
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response
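The two bug classes the report describes, a decode-only call that never checks the signature and a key-resolver function that quietly returns a hard-coded secret, as an added JDK-only example. This is not code from the submission, from the CodeQL query or from any JWT library: the class and method names are hypothetical, the `KEY_FOR_KID` resolver and its secret are constructed for the demo, header parsing is a regex field lookup rather than a JSON parser, and `auth0 java-jwt`'s `JWT.decode(token)` is mentioned in a comment only as a real instance of a decode-without-verify API.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtSignatureCheckDemo {

    // Hypothetical key-resolver in the style the report describes: the secret is not passed
    // directly but returned by a function, keyed on the token's "kid" header. The constant
    // string below is the hard-coded secret such a resolver can hide from a simple query.
    static final Function<String, byte[]> KEY_FOR_KID = kid ->
            "kid-1".equals(kid) ? "example-hardcoded-secret".getBytes(StandardCharsets.UTF_8) : null;

    static String b64url(byte[] b) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static byte[] unb64url(String s) {
        return Base64.getUrlDecoder().decode(s); // padding is optional for java.util.Base64
    }

    static byte[] hmacSha256(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    // Minimal JSON field lookup, enough for the fixed-shape headers built here (not a JSON parser).
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    static String sign(String payloadJson, String kid, byte[] key) throws Exception {
        String header = b64url(("{\"alg\":\"HS256\",\"typ\":\"JWT\",\"kid\":\"" + kid + "\"}")
                .getBytes(StandardCharsets.UTF_8));
        String payload = b64url(payloadJson.getBytes(StandardCharsets.UTF_8));
        String signingInput = header + "." + payload;
        return signingInput + "." + b64url(hmacSha256(key, signingInput));
    }

    // BAD: decode only. This is what a "decode" / "parse without a key" style library call does
    // (auth0 java-jwt's JWT.decode(token) is one such call): the signature is never checked,
    // so any payload an attacker edits is accepted as-is.
    static String decodeUnverified(String token) {
        String[] parts = token.split("\\.");
        return new String(unb64url(parts[1]), StandardCharsets.UTF_8);
    }

    // GOOD: resolve the key, recompute the MAC over header.payload and compare in constant time
    // before any claim is trusted. Pinning the algorithm also refuses alg=none or an RS/HS swap.
    static String decodeVerified(String token, Function<String, byte[]> keyResolver) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) throw new SecurityException("malformed token");
        String header = new String(unb64url(parts[0]), StandardCharsets.UTF_8);
        if (!"HS256".equals(field(header, "alg"))) throw new SecurityException("unexpected alg");
        byte[] key = keyResolver.apply(field(header, "kid"));
        if (key == null) throw new SecurityException("unknown kid");
        byte[] expected = hmacSha256(key, parts[0] + "." + parts[1]);
        if (!MessageDigest.isEqual(expected, unb64url(parts[2]))) throw new SecurityException("bad signature");
        return new String(unb64url(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String token = sign("{\"sub\":\"alice\",\"admin\":false}", "kid-1", KEY_FOR_KID.apply("kid-1"));

        // Constructed forgery: the attacker keeps header and signature and swaps the payload.
        String[] parts = token.split("\\.");
        String forgedPayload = b64url("{\"sub\":\"alice\",\"admin\":true}".getBytes(StandardCharsets.UTF_8));
        String forged = parts[0] + "." + forgedPayload + "." + parts[2];

        System.out.println("unverified decode of forged token: " + decodeUnverified(forged));
        try {
            decodeVerified(forged, KEY_FOR_KID);
            System.out.println("verified decode accepted the forged token (must not happen)");
        } catch (SecurityException e) {
            System.out.println("verified decode rejected the forged token: " + e.getMessage());
        }
        System.out.println("verified decode of genuine token: " + decodeVerified(token, KEY_FOR_KID));
    }
}
```

The unverified path returns `admin:true` for the forged token, the verified path throws `bad signature`; the difference is exactly what the signature-check query has to flag. The resolver is the shape the second query targets: the secret never appears at the verification call site, only as the return value of `KEY_FOR_KID`, so tracking constants into the resolver's return is what makes it findable.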