get-jwks Cache Poisoning Vulnerability Allowing Issuer Validation Bypass
Vulnerability
A cache poisoning vulnerability has been identified in the get-jwks package in versions prior to 11.0.2. It affects the JWKS key-fetching mechanism: when the 'iss' (issuer) claim is validated only after keys have been retrieved from the cache, cached keys from an unexpected issuer can be reused, bypassing issuer validation. This flaw enables an attacker to craft two JWTs: the first causes a public key to be fetched and stored in the JWKS cache, and the second uses that cached key to pass signature validation for a targeted issuer. The vulnerability arises when 'iss' validation is performed after retrieving keys from get-jwks, which is the common practice.
Impact
Exploiting this vulnerability allows an attacker to have arbitrary payloads, signed with a key pair of the attacker's choosing, accepted by the application's JWT verifier, effectively bypassing issuer validation.
Reproduction
To reproduce this vulnerability, first create a JWT that includes an 'iss' claim pointing to a legitimate issuer. This JWT is used to cache a public key in the JWKS cache. Next, create a second JWT that uses the cached key to pass signature validation for a targeted issuer. The precondition is that 'iss' validation is performed after the keys are fetched from get-jwks, which is the default behavior.
Remediation
Users are advised to update to version 11.0.2 or later, where this vulnerability has been patched.
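The ordering problem described above can be modeled in a few lines. The following is an added example, not code from get-jwks or from this advisory: a simplified key resolver that checks 'iss' against an allowlist before any cache read or fetch and binds each cache entry to its issuer. The names createKeyResolver, ALLOWED_ISSUERS, the stub fetcher and the example.test issuers are all assumptions made for illustration.

```javascript
// Simplified model of issuer-bound key lookup; names are hypothetical, not get-jwks APIs.
const ALLOWED_ISSUERS = new Set(['https://idp.example.test/']); // constructed trusted issuer

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
// Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
const decode = (segment) => JSON.parse(Buffer.from(segment, 'base64').toString('utf8'));

// Builds an unsigned, constructed sample token; only header and payload matter here.
const sampleToken = (header, payload) => `${b64url(header)}.${b64url(payload)}.sig`;

function createKeyResolver(fetchKey) {
  const cache = new Map();
  const stats = { fetches: 0 };

  function resolveKey(token) {
    const [rawHeader, rawPayload] = token.split('.');
    const { alg, kid } = decode(rawHeader);
    const { iss } = decode(rawPayload);

    // 1. Reject unexpected issuers before any cache read or JWKS fetch,
    //    so an untrusted token can never populate or hit the cache.
    if (typeof iss !== 'string' || !ALLOWED_ISSUERS.has(iss)) {
      throw new Error('untrusted issuer');
    }
    // 2. Bind each entry to the issuer it was fetched for. JSON.stringify of
    //    an array gives an unambiguous key even if a field contains delimiters.
    const cacheKey = JSON.stringify([iss, alg, kid]);
    if (!cache.has(cacheKey)) {
      stats.fetches += 1;
      cache.set(cacheKey, fetchKey(iss, kid, alg)); // fetchKey: stand-in for the JWKS fetch
    }
    // 3. The caller verifies the signature with this key and still checks
    //    that the verified 'iss' equals the returned issuer.
    return { issuer: iss, key: cache.get(cacheKey) };
  }
  return { resolveKey, cache, stats };
}

// Constructed demo: a stub fetcher and two sample tokens.
const resolver = createKeyResolver((iss, kid) => `pem-for:${iss}:${kid}`);
const trusted = sampleToken({ alg: 'RS256', kid: 'k1' }, { iss: 'https://idp.example.test/' });
const untrusted = sampleToken({ alg: 'RS256', kid: 'k1' }, { iss: 'https://other.example.test/' });
console.log(resolver.resolveKey(trusted).issuer);
```

This pattern complements the upgrade to 11.0.2 or later; it does not replace it.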
