Authlib
cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*
- 1.6.3
A vulnerability exists in Authlib, a Python library for building OAuth and OpenID Connect servers, in versions prior to 1.6.4. The issue arises in the JWS verification process, where the library accepts tokens whose 'crit' header lists parameters it does not understand. RFC 7515 (section 4.1.11) requires that a recipient reject such a JWS: every name listed in 'crit' must be understood and processed, or the token is invalid. This flaw allows an attacker who can obtain a valid signature to create a signed token that includes a critical header, such as 'bork' or 'cnf', which strict verifiers would normally reject. The vulnerability can lead to authorization policy bypass, replay attacks, or privilege escalation, particularly in environments where the same tokens are verified by services written in different languages or with different JOSE libraries.
Exploiting this vulnerability produces a split-brain verification scenario: a strict verifier (for example, one in another language or library) rejects the token, while a lenient Authlib-based service accepts it. This can bypass security policies and enable replay or privilege escalation if the critical headers carry binding or policy information that the strict verifier would have enforced.
The vulnerability can be reproduced by using Authlib version 1.6.3 to deserialize a JWS token that includes an unknown critical header parameter. This can be done by crafting a token whose 'crit' header lists the unknown parameter (which must also be present in the header) and signing it with a key Authlib trusts. Authlib 1.6.3 returns the payload instead of raising an error, demonstrating the bypass of the 'must-understand' requirement.
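The following is an added example, not Authlib's code and not taken from this advisory. It models the bug class described above with the Python standard library only: a lenient verifier that checks the signature and ignores 'crit', beside a strict verifier that enforces the RFC 7515 section 4.1.11 rules. The HS256 key, the 'bork' header value and the payload are constructed for the demonstration; a real attacker would need a signature the target trusts.

```python
"""Added example: RFC 7515 'crit' enforcement beside a lenient verifier.

Constructed, stdlib-only model of the split-brain problem; it is not
Authlib's implementation. HS256 with a shared key keeps it offline.
"""
import base64
import hashlib
import hmac
import json

# Header parameter names registered by RFC 7515 section 4.1. A producer
# MUST NOT list any of these in "crit" (section 4.1.11).
REGISTERED_HEADER_NAMES = frozenset({
    "alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t", "x5t#S256",
    "typ", "cty", "crit",
})

# Constructed shared secret for the demonstration only.
SHARED_KEY = b"demo-shared-secret-not-for-production"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Produce a compact JWS. The header is used as given so that a
    'crit' entry and its companion parameter can be injected."""
    enc_header = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    enc_payload = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{enc_header}.{enc_payload}".encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{enc_header}.{enc_payload}.{b64url_encode(signature)}"


def check_crit(header: dict, understood: frozenset) -> None:
    """Enforce RFC 7515 section 4.1.11: 'crit' must be a non-empty array of
    distinct, non-registered names, each present in the header and each
    understood by this verifier. Raise ValueError on any violation."""
    if "crit" not in header:
        return
    crit = header["crit"]
    if not isinstance(crit, list) or not crit:
        raise ValueError("crit must be a non-empty array")
    if not all(isinstance(name, str) for name in crit):
        raise ValueError("crit entries must be strings")
    if len(set(crit)) != len(crit):
        raise ValueError("crit must not repeat names")
    for name in crit:
        if name in REGISTERED_HEADER_NAMES:
            raise ValueError(f"registered header parameter listed in crit: {name}")
        if name not in header:
            raise ValueError(f"crit names a parameter absent from the header: {name}")
        if name not in understood:
            raise ValueError(f"unknown critical header parameter: {name}")


def _parse_and_check_signature(token: str, key: bytes):
    """Split the compact serialization, pin the algorithm, verify HMAC."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature mismatch")
    return header, json.loads(b64url_decode(parts[1]))


def lenient_verify(token: str, key: bytes) -> dict:
    """Models the pre-fix behaviour: valid signature, 'crit' never inspected."""
    return _parse_and_check_signature(token, key)[1]


def strict_verify(token: str, key: bytes, understood: frozenset = frozenset()) -> dict:
    """RFC-conformant: signature first, then the must-understand rule."""
    header, payload = _parse_and_check_signature(token, key)
    check_crit(header, understood)
    return payload


def split_brain_demo(critical_name: str = "bork", understood: frozenset = frozenset()) -> dict:
    """Sign a token carrying an unknown critical header and report which
    verifier accepts it. A mixed-language deployment behaves like the two
    verifiers here disagreeing."""
    header = {"alg": "HS256", "typ": "JWT", "crit": [critical_name], critical_name: "x"}
    token = sign_hs256(header, {"sub": "alice", "role": "user"}, SHARED_KEY)
    result = {"lenient_accepts": False, "strict_accepts": False}
    try:
        lenient_verify(token, SHARED_KEY)
        result["lenient_accepts"] = True
    except ValueError:
        pass
    try:
        strict_verify(token, SHARED_KEY, understood)
        result["strict_accepts"] = True
    except ValueError:
        pass
    return result


if __name__ == "__main__":
    print(split_brain_demo("bork"))
```

Until a lenient library is upgraded, an application can run a check like `check_crit` on the decoded header before handing the token to the library, which closes the gap regardless of how the library treats 'crit'.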
Users are advised to update to Authlib version 1.6.4 or later, where this vulnerability has been patched.