CVE-2022-23540
Signature Validation Bypass vulnerability in jsonwebtoken (npm)
What is CVE-2022-23540 About?
This vulnerability affects jsonwebtoken library versions <=8.5.1, enabling a signature validation bypass due to defaulting to the 'none' algorithm under specific conditions. Attackers can forge JWTs without a valid signature, leading to authentication bypass or impersonation, making it a critical threat with moderate exploitation ease.
Affected Software
Technical Details
In jsonwebtoken library versions <=8.5.1, a critical vulnerability exists in the jwt.verify() function. If the function is called without explicitly specifying a list of allowed algorithms, and a falsy secret or key (e.g., null, false, undefined) is provided, the function defaults to allowing the 'none' algorithm for signature verification. An attacker can craft a JSON Web Token (JWT) with the alg header set to 'none' and an empty signature. Because the jwt.verify() function would then accept this token as valid due to the 'none' algorithm bypass and the falsy secret, it effectively allows an attacker to forge JWTs, leading to authentication bypass, privilege escalation, or impersonation without needing the legitimate secret key.
What is the Impact of CVE-2022-23540?
Successful exploitation may allow attackers to bypass authentication, impersonate legitimate users, or gain unauthorized access to protected resources.
What is the Exploitability of CVE-2022-23540?
Exploitation complexity is moderate. It requires an attacker to identify an endpoint that processes JWTs and uses a vulnerable version of the library (<=8.5.1). The key prerequisites are that the jwt.verify() function is called without explicitly defined algorithms, and a falsy secret/key (null, false, undefined) is passed to it. No authentication is typically needed to send the forged token, as the goal is to bypass authentication. Privilege requirements are low for the attacker. This is a remote vulnerability. The special conditions for exploitation are critical: a token with no signature must be received, no algorithms specified in verify(), and a falsy secret/key used. Risk factors increase significantly if applications frequently use default settings for library functions or if secrets are dynamically loaded in a way that could result in a falsy value under certain error conditions.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2022-23540?
About the Fix from Resolved Security
This patch introduces validation to ensure the asymmetric key type matches the selected algorithm when signing or verifying JWTs, throwing an error if an unsupported or mismatched key type is used. This addresses CVE-2022-23540 by preventing attackers from exploiting improper key/algorithm combinations, which could otherwise undermine JWT security guarantees. The fix stops potential misuse of keys, such as using a DSA or an RSA key with an EC algorithm, by enforcing strict checks before cryptographic operations.
Available Upgrade Options
- jsonwebtoken
- <9.0.0 → Upgrade to 9.0.0
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
- https://github.com/auth0/node-jsonwebtoken
- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
- https://security.netapp.com/advisory/ntap-20240621-0007/
- https://security.netapp.com/advisory/ntap-20240621-0007
- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
- https://nvd.nist.gov/vuln/detail/CVE-2022-23540
- https://osv.dev/vulnerability/GHSA-qwph-4952-7xr6
What are Similar Vulnerabilities to CVE-2022-23540?
Similar Vulnerabilities: CVE-2015-2921 , CVE-2020-13824 , CVE-2018-1000531 , CVE-2016-10551 , CVE-2017-1000008
