fast-jwt Leading Whitespace Vulnerability in Public Key PEM Matcher Allows JWT Algorithm Confusion Attack

Vulnerability

A vulnerability in fast-jwt versions through 6.1.0 allows for a JWT algorithm confusion attack by exploiting the publicKeyPemMatcher regex in the key verification process. The regex, which is intended to match the beginning of a public key PEM string, can be bypassed by any leading whitespace. This flaw reintroduces the same vulnerability that was supposedly fixed in CVE-2023-48223, where an RSA public key could be misclassified as an HMAC secret, allowing for unauthorized token manipulation.

Impact

This vulnerability allows attackers to manipulate JWTs by exploiting the algorithm verification process. By introducing leading whitespace into a public key, an attacker can cause the verification function to misclassify the key, leading to unauthorized actions being performed based on the forged token. This vulnerability directly bypasses the protections that were implemented for CVE-2023-48223.

Reproduction

The vulnerability can be reproduced by creating an RSA key pair and introducing a leading whitespace into the public key string, simulating real-world scenarios where such whitespace is common. When this modified key is used to verify a JWT signed with HMAC, the verification will incorrectly accept the token, thereby exploiting the vulnerability.

Added: Apr 6, 2026, 4:25 PM
Updated: Apr 6, 2026, 4:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.6
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.