JWE Ruby Library Authentication Tag Validation Vulnerability Allowing Brute Force Attacks
Vulnerability
A vulnerability exists in the JWE Ruby library, in versions up to and including 1.1.0, where the authentication tags of JSON Web Encryption (JWE) objects can be brute-forced. This flaw can lead to a loss of confidentiality for the affected JWEs and allows the creation of arbitrary JWEs. The vulnerability is particularly concerning because it enables modification of JWEs so that they decrypt to chosen values, abuse of parsing differences to extract decrypted information, and potential recovery of the internal GHASH key used in AES Galois/Counter Mode (AES-GCM) encryption. Notably, all users of the library are affected, regardless of whether they use AES-GCM for encryption.
Impact
Exploitation of this vulnerability could result in unauthorized decryption of JWE objects, allowing attackers to access sensitive information. Additionally, the vulnerability could be used to craft JWE objects that, when decrypted, yield arbitrary values, potentially leading to further security issues. Because the GCM internal GHASH key may also have been recovered, the key material must be treated as possibly leaked, which necessitates a rotation of encryption keys after upgrading to the patched version.
Remediation
Users should upgrade to JWE version 1.1.1, which addresses the vulnerability by adding the necessary validation of the authentication tag length in the AES-GCM algorithm. After upgrading, it is crucial to rotate the encryption keys, as the GHASH key may have been compromised.
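The following is an added illustration of the kind of check the remediation describes; it is not the jwe gem's own code. It wraps Ruby's OpenSSL AES-256-GCM binding in a hypothetical decrypt helper that refuses any authentication tag that is not the full 16 bytes before handing it to OpenSSL. The point being demonstrated is that OpenSSL compares only as many tag bytes as it is given, so a decrypt routine that forwards a caller-supplied tag without a length check accepts tags that are far easier to guess than a 128-bit one; the function and constant names here are assumptions chosen for the example.

```ruby
require "openssl"
require "securerandom"

# Added example (not the jwe gem's code): a hardened AES-GCM decrypt.
# JWE's A256GCM content encryption uses a 128-bit (16-byte) authentication tag.
# OpenSSL accepts tags between 1 and 16 bytes on decrypt and verifies only the
# bytes supplied, so the length must be enforced by the caller before decryption.
GCM_TAG_BYTES = 16
GCM_KEY_BYTES = 32

# Encrypt with a fresh random 12-byte IV; returns [iv, ciphertext, 16-byte tag].
def gcm_encrypt(key, plaintext, aad = "")
  raise ArgumentError, "invalid key length" unless key.bytesize == GCM_KEY_BYTES
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv          # generates and sets a 12-byte IV
  cipher.auth_data = aad         # must be set after key/iv, before update
  ciphertext = cipher.update(plaintext) + cipher.final
  [iv, ciphertext, cipher.auth_tag]  # auth_tag defaults to the full 16 bytes
end

# Decrypt only after confirming the tag has the full expected length.
def gcm_decrypt(key, iv, ciphertext, tag, aad = "")
  raise ArgumentError, "invalid key length" unless key.bytesize == GCM_KEY_BYTES
  # The check the vulnerable versions lacked: reject short (or empty) tags.
  unless tag.bytesize == GCM_TAG_BYTES
    raise ArgumentError, "invalid auth tag length #{tag.bytesize}"
  end
  decipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  decipher.key = key
  decipher.iv = iv
  decipher.auth_tag = tag
  decipher.auth_data = aad
  decipher.update(ciphertext) + decipher.final  # final raises on tag mismatch
end

# Classifies the outcome: :rejected when the length check fires, :bad_tag when
# OpenSSL's own verification fails, otherwise the recovered plaintext.
def try_decrypt(key, iv, ciphertext, tag, aad = "")
  gcm_decrypt(key, iv, ciphertext, tag, aad)
rescue ArgumentError
  :rejected
rescue OpenSSL::Cipher::CipherError
  :bad_tag
end

if __FILE__ == $PROGRAM_NAME
  key = SecureRandom.random_bytes(GCM_KEY_BYTES)   # constructed sample key
  iv, ct, tag = gcm_encrypt(key, "constructed sample payload", "jwe-header")
  puts try_decrypt(key, iv, ct, tag, "jwe-header")           # plaintext
  puts try_decrypt(key, iv, ct, tag[0, 1], "jwe-header")     # :rejected
  puts try_decrypt(key, iv, ct, "", "jwe-header")            # :rejected
  flipped = tag.dup
  flipped.setbyte(0, flipped.getbyte(0) ^ 0x01)
  puts try_decrypt(key, iv, ct, flipped, "jwe-header")       # :bad_tag
end
```

The length check belongs before any call into the cipher, and it should reject both truncated and empty tags; a tag that is the right length but wrong is still caught by OpenSSL's own verification in `final`. Either failure should be reported to the caller as a single generic authentication failure rather than distinguished, so that error handling does not itself leak which check failed.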
