Ceph RadosGW Authentication Bypass Vulnerability via JWT with 'none' Algorithm

Vulnerability

An authentication bypass vulnerability has been identified in the Ceph RadosGW OIDC provider, affecting versions through 19.2.0. The issue arises from the acceptance of JSON Web Tokens (JWT) whose header names 'none' as the signing algorithm, which causes signature verification to be skipped entirely. This vulnerability was discovered during a penetration test.

Impact

Exploitation of this vulnerability allows for authentication bypass, potentially leading to unauthorized access or actions within the application.

Reproduction

To reproduce this vulnerability, send a JWT with 'none' as the algorithm to the Ceph RadosGW endpoint. The JWT signature will not be verified, bypassing authentication. This can be done using a tool that allows manipulation of JWTs, such as a JWT debugger or a custom script.
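The defensive counterpart to the behaviour described above is a verifier that decides which algorithms are acceptable before it looks at the token, so a header claiming 'none' can never switch signature checking off. The following is an added example, not Ceph or RadosGW code: a minimal stdlib-only JWT verifier with an explicit algorithm allowlist (HS256 only, an assumed policy for the example), plus constructed test tokens, including one of the unsigned alg-'none' shape the advisory describes, to show the verifier rejecting it.

```python
import base64
import hashlib
import hmac
import json

# Assumed verifier policy for this example: only HS256 is acceptable.
# 'none' is deliberately absent; anything not listed is refused before
# any signature logic runs, regardless of what the token header claims.
ALLOWED_ALGS = {"HS256"}

# Constructed demo key; not a real secret.
EXAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"


def _b64url_decode(segment: str) -> bytes:
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def verify_jwt(token: str, key: bytes) -> dict:
    """Return the claims only if the header names an allowed algorithm and
    the signature verifies under `key`; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    alg = header.get("alg")
    # The allowlist is the verifier's decision, never the token's.
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"algorithm {alg!r} not permitted")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    provided = _b64url_decode(sig_b64)
    # Constant-time comparison; an empty or truncated signature fails here too.
    if not hmac.compare_digest(expected, provided):
        raise ValueError("signature verification failed")
    return json.loads(_b64url_decode(payload_b64))


def verification_outcome(token: str, key: bytes):
    """(accepted, claims_or_reason): the shape an auth layer would log."""
    try:
        return True, verify_jwt(token, key)
    except ValueError as exc:
        return False, str(exc)


def sign_token(claims: dict, key: bytes) -> str:
    """Constructed helper: issue a properly signed HS256 token for testing."""
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":"))
    header_b64 = _b64url_encode(header.encode())
    payload_b64 = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{_b64url_encode(sig)}"


def unsigned_variant(token: str) -> str:
    """Constructed test input: the same claims with an alg 'none' header and
    an empty signature, i.e. the token shape the advisory says was accepted."""
    _, payload_b64, _ = token.split(".")
    header_b64 = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    return f"{header_b64}.{payload_b64}."


if __name__ == "__main__":
    good = sign_token({"sub": "alice"}, EXAMPLE_KEY)
    print("signed:  ", verification_outcome(good, EXAMPLE_KEY))
    print("unsigned:", verification_outcome(unsigned_variant(good), EXAMPLE_KEY))
```

The important design point is the order of checks: the algorithm is validated against a fixed allowlist first, so a verifier never reaches a code path where "no signature" is a legitimate outcome. A verifier that instead dispatches on the header's `alg` value, with a branch for 'none', is exactly the pattern the advisory describes.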

Added: Jul 30, 2025, 8:44 PM
Updated: Jul 30, 2025, 8:44 PM

Vulnerability Rating

Custom Algorithm

spread          3.1
impact          5.0
exploitability  6.6
remediation     0.0
relevance       0.3
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.