cve/CVE-2017-11424.md at 32646c20e71810932fbd5e08aba28eaca6211a4d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-14 20:08:44 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.

POC

Reference

No PoCs from references.

Github

https://github.com/CompassSecurity/security_resources
https://github.com/aymankhder/security_resources
https://github.com/silentsignal/rsa_sign2n

1.0 KiB Raw Blame History

CVE-2017-11424

Description

POC

Reference

Github

1.0 KiB

Raw Blame History