JWT algorithm confusion
Description
We sent a token with an invalid algorithm and it was accepted by the server. In this case, HS256 (HMAC with SHA-256) is a symmetric algorithm, which means that the same key is used to sign and verify the token.
Remediation
You must enforce the algorithm used to sign the token.
GraphQL Specific
Apollo
Ensure that the Apollo framework is configured to only accept a secure and explicit list of algorithms for JWT validation. Avoid using 'none' or any algorithm not intended for your application. Implement checks to reject JWTs with 'alg' headers that don't match the expected algorithm. It's also recommended to use a library that provides strong defaults and has been well-reviewed for security.
Yoga
To mitigate the JWT algorithm confusion vulnerability in the Yoga framework engine, ensure that the server explicitly verifies the JWT token using a secure and expected algorithm. Do not rely on user input for selecting the algorithm. Configure the JWT library to reject tokens that do not specify a matching algorithm (e.g., 'HS256'). Additionally, implement proper error handling to reject any tokens that fail verification.
Awsappsync
Ensure that the AWS AppSync GraphQL API is configured to use only secure and recommended algorithms for JSON Web Tokens (JWTs). Avoid using the 'none' algorithm, and do not allow the algorithm to be specified by the user. Implement strict server-side checks to enforce the expected algorithm, such as HS256 or RS256, and validate the JWT signature accordingly. Regularly review and update the cryptographic practices to align with current best practices and recommendations.
Graphqlgo
To mitigate the JWT algorithm confusion vulnerability in a GraphQL Go framework engine, ensure that the server explicitly verifies the JWT 'alg' header against a whitelist of allowed algorithms. Do not rely on client-supplied parameters for selecting the algorithm. Implement strong checks to compare the algorithm in the JWT header with the expected algorithm. If the algorithm does not match the expected one, reject the token and log the attempt. Additionally, consider using a well-maintained JWT library that provides built-in protections against this type of attack.
Graphqlruby
To mitigate the JWT algorithm confusion vulnerability in a GraphQL Ruby framework engine, ensure that the server explicitly verifies the JWT token using a secure, server-side defined algorithm. Do not allow the client to dictate the algorithm used for verification. This can be achieved by configuring the JWT library to use a constant algorithm, such as 'HS256', and rejecting any tokens that specify a different algorithm. Additionally, always validate the JWT with a strong, private key that is kept secure and never exposed to the client. Regularly rotate your keys and audit your token handling code to prevent exploitation of this vulnerability.
Hasura
Ensure that the Hasura engine is configured to accept only strong and secure JWT algorithms, such as RS256, and reject none algorithm. Explicitly specify the allowed algorithms in the JWT configuration and avoid using weaker algorithms like HS256 if the secret key is not managed securely. Additionally, keep the JWT secret key confidential and rotate it periodically to maintain security.
REST Specific
Asp_net
Ensure the ASP.NET application explicitly validates the JWT algorithm used during token verification. Configure the JWT middleware to only accept a predefined list of secure algorithms, such as RS256, and reject tokens with non-matching algorithms. This can be done by setting the TokenValidationParameters.ValidAlgorithms property to the list of acceptable algorithms and by checking the algorithm in the JWT header before processing the token.
Ruby_on_rails
Ensure the JWT library in your Ruby on Rails application explicitly verifies the token algorithm against a whitelist of accepted algorithms. Configure the JWT decode function to only accept the expected algorithm, such as RS256, and reject tokens with mismatched or none specified algorithms. This can be done by setting the 'verify_iss' and 'algorithm' options in your JWT decode call. Additionally, always use a strong, private key for token signing and keep it secure.
Next_js
Ensure the server strictly validates the JWT algorithm specified in the token header. Configure the JWT library to accept only the expected algorithm, such as RS256, and reject tokens with a different 'alg' parameter to prevent algorithm confusion attacks. In Next.js, use a robust library like 'jsonwebtoken' with a fixed algorithm setting in the verification step.
Laravel
Ensure the JWT library in Laravel is configured to accept only a specific, secure algorithm such as RS256 or ES256 for token verification. Reject any tokens with a different 'alg' header. Use the 'jwt-auth' package's 'allowed_algs' configuration to specify acceptable algorithms and validate the 'alg' claim rigorously to prevent algorithm confusion attacks.
Express_js
Ensure the Express.js application explicitly verifies the JWT with the expected algorithm. Configure the JWT middleware to reject tokens with algorithms other than the one you have securely chosen (e.g., RS256 for asymmetric verification). This can be done by setting the 'algorithms' option in the jwt.verify() method or within the express-jwt configuration. Additionally, implement proper error handling to catch and respond to invalid algorithm errors.
Django
Ensure the Django application is configured to only accept a secure and appropriate algorithm for JWT validation, such as RS256. In the settings, explicitly specify the algorithm in the JWT_AUTH configuration and validate the 'alg' header in the token against this expected algorithm. Reject any tokens that do not match the expected algorithm to prevent algorithm confusion attacks.
Symfony
Ensure the JWT library in Symfony is configured to explicitly check for the expected 'alg' parameter in the token's header. Reject any tokens that do not match the expected algorithm, typically by using a whitelist approach. Update the JWT handling code to use a library that provides secure default behavior and does not allow algorithm 'none'. Regularly review and update the security configurations to keep up with best practices and known vulnerabilities.
Spring_boot
Ensure the JWT parser in the Spring Boot application is configured to only accept a predefined set of secure algorithms. Explicitly specify the allowed algorithms using the .setAllowedAlgorithms() method of the JwtParser, and avoid using none as an allowed algorithm. Additionally, implement proper key management to safeguard the secret keys used for token signing and verification.
Flask
Ensure the Flask application explicitly verifies the JWT algorithm used. Configure the JWT library to only accept a predefined list of secure algorithms, such as RS256 or ES256, and reject tokens with non-matching algorithms. Use a library like PyJWT and its 'algorithms' argument to define allowed algorithms. For example: jwt.decode(token, key, algorithms=['RS256']).
Nuxt
Ensure the server validates the JWT's 'alg' header. Configure the JWT library to reject tokens with unexpected algorithms, particularly 'none'. Use a library that provides strong defaults against algorithm substitution attacks. Regularly audit your JWT handling code and dependencies for security updates.
Fastapi
Ensure the FastAPI application explicitly verifies the JWT algorithm used. Configure the JWT library to only accept a predefined list of secure algorithms, such as RS256, and reject tokens with non-matching algorithms. This can be done by setting the appropriate parameters in the JWT decoding function, such as algorithms=['RS256'], to prevent algorithm confusion attacks.
Configuration
Identifier:
injection/jwt_alg_confusion
Examples
Ignore this check
checks:
injection/jwt_alg_confusion:
skip: true
Score
- Escape Severity: HIGH
Compliance
OWASP: API2:2023
pci: 6.5.10
gdpr: Article-32
soc2: CC6
psd2: Article-95
iso27001: A.14.2
nist: SP800-63B
fedramp: SC-12
Classification
- CWE: 287
Score
- CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
- CVSS_SCORE: 9.3