Authlib
cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*
- <= 1.6.8
A vulnerability exists in the Authlib Python library in versions prior to 1.6.9, in the validation of OpenID Connect (OIDC) ID Tokens. The issue is in the hash verification logic for the at_hash and c_hash claims, which bind an ID Token to the Access Token and Authorization Code issued alongside it. When that verification encounters an unsupported cryptographic algorithm, it fails open instead of rejecting the token, so the integrity check can be bypassed. By presenting a forged ID Token whose alg header names an algorithm the library does not recognize, an attacker can steer the validation past the hash comparison, contrary to the OIDC specification and to basic fail-closed cryptographic practice. This exposes applications to Token Substitution Attacks, particularly in the Hybrid and Implicit OIDC flows, where the at_hash and c_hash checks are the client's protection against a swapped token.
Exploitation allows Token Substitution Attacks: an attacker replaces a legitimate Access Token or Authorization Code with one of their choosing while the at_hash or c_hash check that should detect the swap is skipped, potentially leading to unauthorized actions or access within the application.
The vulnerability can be reproduced with Authlib version 1.6.8 or earlier. After installing Authlib, create a forged ID Token whose alg header is set to an unsupported value. When this token is validated through Authlib's OIDC flow, the at_hash or c_hash claims are accepted without being compared against the accompanying Access Token or Authorization Code, demonstrating the fail-open behaviour.
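The following is an added example, not code from Authlib or from the advisory, that shows what the at_hash/c_hash check is supposed to do and why the failure mode described above matters. It implements the OIDC Core 1.0 definition of the hash claims (base64url of the left-most half of the digest, with the digest chosen from the JWS alg), then places a check that fails open on an unknown alg, illustrating the pattern the advisory describes, beside one that fails closed. All token values and the unsigned ID Token builder are constructed sample data for the demonstration; the function names are this example's own.

```python
"""Added example (not Authlib code): OIDC at_hash / c_hash computation and a
fail-open vs fail-closed check for an unsupported JWS alg."""
import base64
import hashlib
import hmac
import json

# OIDC Core 1.0 (3.1.3.6 at_hash, 3.3.2.11 c_hash) derives the digest from the
# JWS alg of the ID Token: SHA-256 for the *256 algs, SHA-384 for *384,
# SHA-512 for *512. Any alg outside this table is unsupported here.
_HASH_FOR_ALG = {}
for _family in ("HS", "RS", "ES", "PS"):
    _HASH_FOR_ALG[_family + "256"] = hashlib.sha256
    _HASH_FOR_ALG[_family + "384"] = hashlib.sha384
    _HASH_FOR_ALG[_family + "512"] = hashlib.sha512


def supports_alg(alg: str) -> bool:
    return alg in _HASH_FOR_ALG


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compute_hash_claim(value: str, alg: str) -> str:
    """at_hash / c_hash: base64url(left-most half of hash(ASCII octets of value))."""
    hash_fn = _HASH_FOR_ALG.get(alg)
    if hash_fn is None:
        raise ValueError(f"unsupported alg for hash claim: {alg!r}")
    digest = hash_fn(value.encode("ascii")).digest()
    return _b64url(digest[: len(digest) // 2])


def alg_from_compact_jws(token: str) -> str:
    """Read 'alg' from the JOSE header of a compact-serialised JWS/JWT."""
    return json.loads(_b64url_decode(token.split(".")[0]))["alg"]


def verify_hash_claim_fail_open(id_token: str, claim: str, value: str) -> bool:
    """The flawed pattern described in the advisory (illustration only):
    an unrecognised alg short-circuits to 'accepted' and the claim is never compared."""
    alg = alg_from_compact_jws(id_token)
    if not supports_alg(alg):
        return True  # fail open
    return hmac.compare_digest(compute_hash_claim(value, alg).encode(), claim.encode())


def verify_hash_claim_fail_closed(id_token: str, claim, value: str) -> bool:
    """Hardened check: unknown alg, malformed header, missing claim or mismatch all reject."""
    if not isinstance(claim, str):
        return False
    try:
        expected = compute_hash_claim(value, alg_from_compact_jws(id_token))
    except (ValueError, KeyError):
        return False
    return hmac.compare_digest(expected.encode(), claim.encode())


def make_unsigned_id_token(alg: str, claims: dict) -> str:
    """Constructed sample: header.payload. with an empty signature segment.
    It only carries an alg header for the checks above; nothing here validates it."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def demo() -> dict:
    legit_token = "legit-access-token"  # constructed sample values
    attacker_token = "attacker-access-token"
    # The provider bound the ID Token to legit_token using RS256 (SHA-256).
    at_hash = compute_hash_claim(legit_token, "RS256")
    genuine = make_unsigned_id_token("RS256", {"at_hash": at_hash})
    forged = make_unsigned_id_token("XYZ256", {"at_hash": at_hash})  # unknown alg
    return {
        "genuine_rs256": verify_hash_claim_fail_closed(genuine, at_hash, legit_token),
        "substituted_rs256": verify_hash_claim_fail_closed(genuine, at_hash, attacker_token),
        "substituted_unknown_alg_fail_open": verify_hash_claim_fail_open(forged, at_hash, attacker_token),
        "substituted_unknown_alg_fail_closed": verify_hash_claim_fail_closed(forged, at_hash, attacker_token),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The fail-open variant accepts the substituted Access Token as soon as the alg is unknown, exactly the outcome a Token Substitution Attack needs; the fail-closed variant treats an unsupported alg as a verification failure, which is the behaviour a conforming OIDC client must have.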
Upgrade to Authlib version 1.6.9 or later, which patches this issue. The release is available from the Authlib GitHub releases page.