OpenID Connect
cpe:2.3:a:openid:openid_connect:*:*:*:*:doorkeeper:*:*
A vulnerability allowing audience injection has been identified in OpenID Connect Core versions through 1.0 errata set 2. This issue arises when the private_key_jwt authentication mechanism is used. A malicious Authorization Server could manipulate a Client into including attacker-controlled values in the audience claim, such as token endpoints or issuer identifiers of other Authorization Servers. This could enable the malicious Authorization Server to use these private key JWTs to impersonate the Client.
Exploitation of this vulnerability allows for audience injection in private key JWT assertions, enabling impersonation of the Client by a malicious Authorization Server.
To reproduce this vulnerability, a Client must be configured to use the private_key_jwt authentication mechanism with an Authorization Server that is not trusted. The malicious Authorization Server can then inject values into the audience claim, which the Client will accept and use to authenticate with the Authorization Server.
Clients should be updated to use the Authorization Server's issuer identifier as the audience claim in private_key_jwt assertions. Authorization Servers should be configured to only accept their own issuer identifier in the audience claim. These changes will be incorporated into the OpenID Connect and FAPI specifications, with guidance for implementers available from the OpenID Foundation.
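Both halves of that mitigation, as an added example that is not part of this advisory or of any OpenID Foundation code: the Client mints its assertion claims with `aud` set to the issuer identifier from its own configuration, and the Authorization Server's token endpoint accepts an assertion only when its audience is exactly that server's issuer identifier. The issuer URL and client_id are constructed values; signature verification against the Client's registered key is assumed to happen before these claim checks.

```python
import time

# Constructed value: the issuer identifier of the Authorization Server
# whose token endpoint runs the check below.
AS_ISSUER = "https://as.example.com"


def client_assertion_claims(client_id, as_issuer, lifetime=60, now=None):
    """Client side of the fix: aud is the Authorization Server's issuer
    identifier taken from the Client's own trusted configuration, never the
    token endpoint URL and never a value the server handed over at runtime."""
    now = int(time.time()) if now is None else now
    return {"iss": client_id, "sub": client_id, "aud": as_issuer,
            "iat": now, "exp": now + lifetime, "jti": f"{client_id}-{now}"}


def audience_is_valid(claims, issuer):
    """Server side of the fix: accept only our own issuer identifier.
    A string aud must equal it; an array must be exactly [issuer], so an
    assertion that also names another server's token endpoint or issuer
    (an injected audience) is rejected even though our issuer is present."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        return aud == issuer
    return isinstance(aud, list) and aud == [issuer]


def validate_client_assertion(claims, client_id, issuer=AS_ISSUER, now=None):
    """Check the claims of a private_key_jwt client_assertion whose signature
    has already been verified with client_id's registered public key.
    Return the claims when valid, raise ValueError otherwise."""
    if not audience_is_valid(claims, issuer):
        raise ValueError(f"audience {claims.get('aud')!r} is not {issuer!r}")
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        raise ValueError("iss and sub must both equal the client_id")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("assertion expired or has no exp")
    return claims
```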