Authlib JWS JWK Header Injection Vulnerability Allowing JWT Forgery and Signature Bypass

Vulnerability

A JWK Header Injection vulnerability has been identified in Authlib, a Python library for building OAuth and OpenID Connect servers, prior to version 1.6.9. This vulnerability allows an unauthenticated attacker to forge JWT tokens that successfully pass signature verification. The issue arises when 'key=None' is passed to any JWS deserialization function, prompting the library to extract and use the cryptographic key from the attacker-controlled JWT 'jwk' header. By signing a token with their private key and embedding the corresponding public key in the header, an attacker can have the server accept the forged token as valid, thereby bypassing authentication and authorization. This vulnerability violates RFC 7515 by improperly using the 'jwk' header for key verification.

Impact

Exploitation of this vulnerability allows for authentication and authorization bypass. An attacker can impersonate any user or assume privileges encoded in JWT claims, such as admin roles or user IDs, without legitimate credentials. The forged token is treated as authentic, with no exceptions raised to indicate a problem.

Reproduction

To reproduce this vulnerability, first generate an RSA or EC key pair. Then, craft a JWT payload with desired claims, such as an admin role, and sign it with the private key. Embed the public key in the JWT 'jwk' header field. Use a key resolver that returns 'None' for unknown key IDs to trigger the vulnerability. When the token is deserialized with 'key=None', the library will use the embedded 'jwk' for verification, allowing the forged token to be accepted as valid.

Remediation

Update to Authlib version 1.6.9 or later, where this vulnerability has been patched.
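The reproduction and remediation sections above both reduce to one condition: the verifier was handed key=None and fell back to the key carried in the token's own 'jwk' header. The guard below is an added example, not part of this advisory and not Authlib's own code. It shows the defensive pattern for the call site: resolve the verification key from a server-side registry, raise instead of returning None for an unknown key ID, and refuse any token whose protected header carries an embedded key ('jwk', or the 'jku' URL form defined alongside it in RFC 7515). The key registry, key IDs, claims and sample tokens are constructed placeholders; only the Python standard library is used.

```python
import base64
import json

# Constructed, hypothetical registry of keys the server trusts, indexed by kid.
# In a real deployment these are real JWKs loaded from configuration or a JWKS
# endpoint; the modulus here is a placeholder, not usable key material.
TRUSTED_KEYS = {
    "server-key-1": {"kty": "RSA", "kid": "server-key-1",
                     "n": "<placeholder-modulus>", "e": "AQAB"},
}


class UntrustedTokenError(Exception):
    """Raised when a token must not be passed to the JWS verifier at all."""


def _b64url_decode(segment: str) -> bytes:
    # JWS segments are base64url without padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def parse_protected_header(token: str) -> dict:
    """Decode the JOSE protected header of a compact JWS; verifies nothing."""
    parts = token.split(".")
    if len(parts) != 3:
        raise UntrustedTokenError("expected a compact JWS with three segments")
    return json.loads(_b64url_decode(parts[0]))


def resolve_verification_key(header: dict, trusted_keys: dict) -> dict:
    """Pick the verification key from the server-side registry only.

    This never returns None: an unknown or missing kid is rejected here, so the
    library is never called with key=None and never gets the chance to fall
    back to a key embedded in the token.
    """
    if "jwk" in header or "jku" in header:
        # A verifier with its own key registry has no use for key material or
        # key URLs supplied by the token; refuse rather than let them matter.
        raise UntrustedTokenError("token carries an embedded key hint; refusing")
    kid = header.get("kid")
    if kid is None or kid not in trusted_keys:
        raise UntrustedTokenError(f"unknown or missing kid: {kid!r}")
    return trusted_keys[kid]


def select_key_for(token: str, trusted_keys: dict = TRUSTED_KEYS) -> dict:
    """Guard to run before the token reaches the JWS/JWT verification call."""
    return resolve_verification_key(parse_protected_header(token), trusted_keys)


def is_token_admissible(token: str, trusted_keys: dict = TRUSTED_KEYS) -> bool:
    """True only if a registry key was selected; malformed input is rejected too."""
    try:
        select_key_for(token, trusted_keys)
        return True
    except (UntrustedTokenError, ValueError):  # JSON and base64 errors are ValueErrors
        return False


def build_sample_token(header: dict, claims: dict) -> str:
    """Constructed, unsigned sample; the signature segment is a placeholder
    because this guard runs before any signature check and never needs one."""
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


# Constructed sample tokens covering the three cases the guard distinguishes.
SAMPLE_TRUSTED_KID = build_sample_token(
    {"alg": "RS256", "kid": "server-key-1"}, {"sub": "alice"})
SAMPLE_UNKNOWN_KID = build_sample_token(
    {"alg": "RS256", "kid": "no-such-key"}, {"sub": "alice"})
SAMPLE_EMBEDDED_JWK = build_sample_token(
    {"alg": "RS256", "kid": "server-key-1",
     "jwk": {"kty": "RSA", "n": "<placeholder-modulus>", "e": "AQAB"}},
    {"sub": "alice", "role": "admin"})

if __name__ == "__main__":
    for name, tok in [("trusted kid", SAMPLE_TRUSTED_KID),
                      ("unknown kid", SAMPLE_UNKNOWN_KID),
                      ("embedded jwk", SAMPLE_EMBEDDED_JWK)]:
        print(f"{name:13s} admissible={is_token_admissible(tok)}")
```

At the call site, pass the dict returned by select_key_for(token) as the key argument of the verification call (for example Authlib's jwt.decode(token, key)) rather than None, and treat UntrustedTokenError as a rejected token worth logging: a header carrying 'jwk' on a deployment that never issues such tokens is a useful detection signal in its own right. The guard is a defence in depth around the verifier; upgrading to 1.6.9 remains the actual fix.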

Added: Mar 16, 2026, 6:34 PM
Updated: Mar 16, 2026, 6:34 PM

Vulnerability Rating

Custom Algorithm

spread          5.4
impact          5.0
exploitability  4.6
remediation     7.7
relevance       4.0
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.