CVE-2022-23539: Signature Verification vulnerability in jsonwebtoken (npm)

What is CVE-2022-23539 About?

The `jsonwebtoken` library versions up to 8.5.1 can be misconfigured to use insecure legacy key types with cryptographic algorithms they shouldn't, failing to properly validate asymmetric key types. This could allow attackers to bypass signature verification. Exploitation complexity is high, requiring specific knowledge of cryptographic misconfigurations.

Affected Software

jsonwebtoken <9.0.0

Technical Details

The vulnerability in jsonwebtoken versions <=8.5.1 arises from a lack of strict validation between the specified cryptographic algorithm (alg) and the actual key type used for signing or verification. Specifically, it was possible to configure the library to use a key type like DSA with algorithms intended for RSA (e.g., RS256) or ECDSA. This mismatch could be exploited if an attacker could substitute a weak or inappropriate key type for verification. While the alg header in a JWT indicates the expected algorithm, the library did not rigorously check if the provided public key's type (e.g., DSA) was compatible with the declared algorithm (e.g., RS256), allowing for a potential bypass of signature validation if a vulnerable configuration was in place. Version 9.0.0 addresses this by enforcing stricter checks on algorithm and key type combinations.

What is the Impact of CVE-2022-23539?

Successful exploitation may allow attackers to bypass signature verification, potentially leading to unauthorized access, impersonation, or data manipulation within systems relying on JWTs for authentication and authorization.

What is the Exploitability of CVE-2022-23539?

Exploitation complexity is high, requiring the attacker to understand system cryptographic configurations and potentially manipulate JWTs within a specific vulnerable setup. No direct authentication is required for the act of signature verification, but the attacker needs to interact with a system that processes JWTs. Privilege requirements are generally low for submitting JWTs but high for understanding and exploiting the cryptographic nuance. Exploitation is remote, as it involves sending malformed or mis-signed JWTs to an application. Special conditions include the jsonwebtoken library being configured with an invalid key type/algorithm combination and the attacker being able to craft such an exploit. Risk factors increasing exploitation likelihood include developers unknowingly using legacy key types with modern algorithms, or a general lack of cryptographic best practices in deployment.

What are the Known Public Exploits?

PoC Author	Link	Commentary
No known exploits

What are the Available Fixes for CVE-2022-23539?

A Fix by Resolved Security Exists!

Learn how we backport CVE fixes to your open-source libraries effortlessly.

About the Fix from Resolved Security

This patch adds explicit validation to ensure that only supported and correctly-matching asymmetric key types and parameters are used for signing and verifying JWTs, preventing the use of invalid, mismatched, or unsupported key types (like DSA or an EC key for an RSA algorithm). This addresses CVE-2022-23539 by blocking attackers from exploiting incorrect key type acceptance, which could let them forge or tamper with JWTs when inappropriate or legacy key types were previously accepted in cryptographic operations.

Available Upgrade Options

jsonwebtoken
- <9.0.0 → Upgrade to 9.0.0

Struggling with dependency upgrades?

See how Resolved Security's drop-in replacements make it simple.

Book a demo

Additional Resources

What are Similar Vulnerabilities to CVE-2022-23539?

Similar Vulnerabilities: CVE-2015-9235 , CVE-2017-1000381 , CVE-2018-0495 , CVE-2020-25658 , CVE-2022-29906

CVE-2022-23539 Signature Verification vulnerability in jsonwebtoken (npm)