fast-jwt Critical Header Parameter Validation Vulnerability

Vulnerability

A vulnerability exists in fast-jwt versions through 6.1.0, where the library fails to properly validate the 'crit' (Critical) Header Parameter in JSON Web Signatures (JWS). According to RFC 7515 §4.1.11, if a JWS token includes a 'crit' array listing extensions the recipient does not understand, the token must be rejected. fast-jwt accepts such tokens instead, violating the RFC's requirements. This issue can lead to 'split-brain' verification in environments that use different libraries, bypass security policies that rely on 'crit' extensions, and cause token binding requirements under RFC 7800 to be ignored.

Impact

Exploitation of this vulnerability can cause 'split-brain' verification when different libraries process the same token (one rejecting it, fast-jwt accepting it), potentially leading to incorrect authorization decisions. It can also bypass security policies that depend on 'crit' extensions, allowing unauthorized actions to be performed. Additionally, according to the vulnerability reporter, it can disrupt token binding mechanisms defined in RFC 7800, which could be exploited to bypass multi-factor authentication requirements.

Reproduction

To reproduce this vulnerability, create a JWS using fast-jwt version 3.3.3. Include a 'crit' header parameter with an extension that fast-jwt does not understand, such as 'x-custom-policy'. When the token is verified, fast-jwt will incorrectly accept it, despite the inclusion of an unsupported critical extension, which should have caused the verification to fail.
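For a deployment that cannot yet move off an affected version, the RFC 7515 §4.1.11 check that fast-jwt omits can be applied to the protected header before the token reaches the library. The following Node.js code is an added example, not fast-jwt's own code; the helper names are hypothetical and the sample tokens are constructed:

```javascript
// Added example, not fast-jwt's own code: the 'crit' handling RFC 7515
// §4.1.11 requires of a JWS verifier, run on a compact-serialized token
// before the signature is checked. Helper names are hypothetical and the
// sample tokens are constructed (unsigned placeholder signature segment).

// Header Parameter names defined by RFC 7515 / JWA for JWS; a producer
// MUST NOT list these in 'crit', so a recipient rejects them there.
const JWS_STANDARD_HEADERS = new Set([
  'alg', 'jku', 'jwk', 'kid', 'x5u', 'x5c', 'x5t', 'x5t#S256', 'typ', 'cty', 'crit',
]);

// Returns { ok: true } when the header has no 'crit' or every listed
// extension is one this verifier understands; otherwise { ok: false, reason }.
function checkCrit(header, understood) {
  if (!Object.prototype.hasOwnProperty.call(header, 'crit')) return { ok: true };
  const crit = header.crit;
  if (!Array.isArray(crit) || crit.length === 0) {
    return { ok: false, reason: "'crit' must be a non-empty array" };
  }
  const seen = new Set();
  for (const name of crit) {
    if (typeof name !== 'string') return { ok: false, reason: "'crit' entries must be strings" };
    if (JWS_STANDARD_HEADERS.has(name)) return { ok: false, reason: `standard header '${name}' in 'crit'` };
    if (seen.has(name)) return { ok: false, reason: `duplicate '${name}' in 'crit'` };
    seen.add(name);
    if (!(name in header)) return { ok: false, reason: `'${name}' listed in 'crit' but absent` };
    if (!understood.has(name)) return { ok: false, reason: `unrecognized critical extension '${name}'` };
  }
  return { ok: true };
}

// Decode the protected header of a compact JWS and apply the check.
function precheckToken(token, understood) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a compact JWS' };
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  return checkCrit(header, understood);
}

// Constructed sample tokens (signature segment is a placeholder, never valid).
function buildSampleToken(header) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${b64(header)}.${b64({ sub: 'alice' })}.c2ln`;
}
// The case from the advisory: a critical extension the verifier does not know.
const BAD_TOKEN = buildSampleToken({ alg: 'HS256', crit: ['x-custom-policy'], 'x-custom-policy': 'deny' });
// A critical extension the verifier does understand (RFC 7797 'b64').
const OK_TOKEN = buildSampleToken({ alg: 'HS256', crit: ['b64'], b64: false });
```

A token that fails this pre-check must not be passed to the library at all; a passing token still needs its signature and claims verified as usual.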

Remediation

Users are advised to update to fast-jwt version 6.1.1 or later, where this vulnerability has been addressed.

Added: Apr 6, 2026, 5:27 PM
Updated: Apr 6, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 5.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.