Hono JWT Middleware Algorithm Confusion Vulnerability Allowing Token Forgery

Vulnerability

A vulnerability in Hono's JWK/JWKS JWT verification middleware prior to version 4.11.4 allowed the untrusted 'alg' value in the JWT header to determine which algorithm was used for signature verification. This occurred when the selected JWK did not explicitly specify an algorithm, opening the door to JWT algorithm confusion. In certain configurations, the flaw could cause forged tokens to be accepted, bypassing authentication or authorization checks. The root cause is the middleware's reliance on a header value supplied by the token itself to choose the verification algorithm, which allowed token validation to be manipulated.

Impact

Exploitation of this vulnerability could result in authentication or authorization bypass, allowing forged JWTs with controlled claims to be accepted.

Reproduction

To reproduce this vulnerability, apply the Hono JWT middleware to a route without specifying the 'alg' parameter, which is optional by default. Then send a JWT whose 'alg' header value has been manipulated to exploit the default fallback to HS256, which can lead to a successful authentication or authorization bypass.

Remediation

Update to Hono version 4.11.4 or later. Because the default fallback has been removed in that version, configure the JWT middleware with an explicit 'alg' option after upgrading; applications must update their JWT verification settings to name the expected algorithm.

Added: Jan 13, 2026, 8:39 PM
Updated: Jan 13, 2026, 8:39 PM

Vulnerability Rating

Custom Algorithm

spread          2.2
impact          5.0
exploitability  9.3
remediation     7.7
relevance       2.0
threat          4.8
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.