Hono JWK Middleware JWT Verification Vulnerability Allowing Algorithm Confusion

Vulnerability

A vulnerability in the Hono web application framework's JWK/JWKS JWT verification middleware, prior to version 4.11.4, allowed the algorithm specified in the JWT header to influence signature verification. This issue arose when the selected JWK did not explicitly define an algorithm, enabling JWT algorithm confusion and, in certain configurations, the acceptance of forged tokens. The vulnerability has been addressed by requiring an explicit allowlist of asymmetric algorithms for verification, preventing the middleware from relying on untrusted JWT header values.

Impact

Exploitation of this vulnerability could lead to authentication or authorization bypass by allowing forged JWTs to be accepted as valid, depending on the application's configuration and the algorithms used.

Reproduction

To reproduce this vulnerability, use Hono's JWK middleware for JWT verification without specifying an algorithm allowlist. This can be done by omitting the 'alg' option when using the 'jwk' middleware with a 'jwks_uri' that points to a JWKS endpoint containing keys without an 'alg' field. After setting up the middleware, send a JWT that exploits the algorithm confusion by using a key from the JWKS that does not specify an algorithm, allowing the header's 'alg' value to be improperly trusted.

Remediation

Update to Hono version 4.11.4 or later. When using the JWK/JWKS middleware, specify an allowlist of allowed asymmetric algorithms. The 'alg' option is now required and should include only the algorithms that are explicitly permitted for verification.

Added: Jan 13, 2026, 8:38 PM
Updated: Jan 13, 2026, 8:38 PM

Vulnerability Rating

Custom Algorithm

spread          2.2
impact          5.0
exploitability  9.3
remediation     7.7
relevance       1.9
threat          4.8
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.