cve/2018/CVE-2018-0114.md

### [CVE-2018-0114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0114)
![](https://img.shields.io/static/v1?label=Product&message=Node-jose%20Library&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-347&color=brighgreen)

### Description

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.

### POC

#### Reference
- https://github.com/zi0Black/POC-CVE-2018-0114
- https://www.exploit-db.com/exploits/44324/

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CyberSecurityUP/CVE-2018-0114-Exploit
- https://github.com/Eremiel/CVE-2018-0114
- https://github.com/Logeirs/CVE-2018-0114
- https://github.com/Starry-lord/CVE-2018-0114
- https://github.com/The-Cracker-Technology/jwt_tool
- https://github.com/adityathebe/POC-CVE-2018-0114
- https://github.com/amr9k8/jwt-spoof-tool
- https://github.com/anthonyg-1/PSJsonWebToken
- https://github.com/crpytoscooby/resourses_web
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/freddd/forger
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/j4k0m/CVE-2018-0114
- https://github.com/lnick2023/nicenice
- https://github.com/mishmashclone/ticarpi-jwt_tool
- https://github.com/mmeza-developer/CVE-2018-0114
- https://github.com/mxcezl/JWT-SecLabs
- https://github.com/pinnace/burp-jwt-fuzzhelper-extension
- https://github.com/puckiestyle/jwt_tool
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/scumdestroy/CVE-2018-0114
- https://github.com/scumdestroy/pentest-scripts-for-dangerous-boys
- https://github.com/ticarpi/jwt_tool
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/zhangziyang301/jwt_tool
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-0114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0114)`
			`![](https://img.shields.io/static/v1?label=Product&message=Node-jose%20Library&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-347&color=brighgreen)`

			`### Description`

			A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.

			`### POC`

			`#### Reference`
			`- https://github.com/zi0Black/POC-CVE-2018-0114`
			`- https://www.exploit-db.com/exploits/44324/`

			`#### Github`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/CyberSecurityUP/CVE-2018-0114-Exploit`
			`- https://github.com/Eremiel/CVE-2018-0114`
			`- https://github.com/Logeirs/CVE-2018-0114`
			`- https://github.com/Starry-lord/CVE-2018-0114`
			`- https://github.com/The-Cracker-Technology/jwt_tool`
			`- https://github.com/adityathebe/POC-CVE-2018-0114`
			`- https://github.com/amr9k8/jwt-spoof-tool`
			`- https://github.com/anthonyg-1/PSJsonWebToken`
			`- https://github.com/crpytoscooby/resourses_web`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/freddd/forger`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/j4k0m/CVE-2018-0114`
			`- https://github.com/lnick2023/nicenice`
			`- https://github.com/mishmashclone/ticarpi-jwt_tool`
			`- https://github.com/mmeza-developer/CVE-2018-0114`
			`- https://github.com/mxcezl/JWT-SecLabs`
			`- https://github.com/pinnace/burp-jwt-fuzzhelper-extension`
			`- https://github.com/puckiestyle/jwt_tool`
			`- https://github.com/qazbnm456/awesome-cve-poc`
			`- https://github.com/scumdestroy/CVE-2018-0114`
			`- https://github.com/scumdestroy/pentest-scripts-for-dangerous-boys`
			`- https://github.com/ticarpi/jwt_tool`
			`- https://github.com/xbl3/awesome-cve-poc_qazbnm456`
			`- https://github.com/zhangziyang301/jwt_tool`