Advisory Archive


gem: json-jwt
date: 2018-04-30
cve: 2018-1000539
title: Auth tag forgery vulnerability with AES-GCM encrypted JWT
description: |
  Ruby's OpenSSL bindings do not check the length of the supplied
  authentication tag when decrypting with an authenticated encryption
  mode such as AES-GCM, leaving it to the authors of a gem or application
  to implement this check in order to validate the message properly.

  json-jwt did not check the authentication tag length, meaning that
  with a one-byte tag the JWT would be considered not tampered with.
  This means that with an average of 128 (at most 256) attempts an
  attacker can forge a valid signature.
unaffected_versions:
  - "< 0.5.1"
patched_versions:
  - ">= 1.9.4"
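The tag-length check the advisory describes, as an added Ruby example (not json-jwt's own code): the first decrypt function reproduces the vulnerable pattern of handing the tag straight to OpenSSL, which compares only as many bytes as it was given, while the second refuses any tag shorter than the full 16 bytes before OpenSSL sees it. The key, nonce and header are constructed values.

```ruby
require "openssl"

AES_GCM_TAG_LEN = 16 # a full 128-bit GCM tag

# Constructed, fixed key/nonce/AAD so the example is reproducible
# (a real system derives the key and never reuses a nonce).
KEY = ("k" * 32).b
IV  = ("n" * 12).b
AAD = "constructed-jwe-header".b

# Produce (ciphertext, tag) with AES-256-GCM; only used to build inputs.
def gcm_encrypt(key, iv, plaintext, aad)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  c.iv = iv
  c.auth_data = aad
  [c.update(plaintext) + c.final, c.auth_tag]
end

# Vulnerable pattern: the supplied tag is passed to OpenSSL as-is.
# OpenSSL compares only tag.bytesize bytes, so a 1-byte tag is accepted
# whenever that single byte matches (1 in 256 on average).
def gcm_decrypt_unchecked(key, iv, ciphertext, tag, aad)
  c = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  c.key = key
  c.iv = iv
  c.auth_tag = tag
  c.auth_data = aad
  c.update(ciphertext) + c.final
rescue OpenSSL::Cipher::CipherError
  nil # authentication failed
end

# Hardened pattern: reject anything but a full-length tag up front.
def gcm_decrypt_checked(key, iv, ciphertext, tag, aad)
  return nil unless tag.bytesize == AES_GCM_TAG_LEN
  gcm_decrypt_unchecked(key, iv, ciphertext, tag, aad)
end

if $PROGRAM_NAME == __FILE__
  ct, tag = gcm_encrypt(KEY, IV, "hello", AAD)
  short = tag[0, 1] # the real tag truncated to one byte
  puts "full tag,  unchecked: #{gcm_decrypt_unchecked(KEY, IV, ct, tag, AAD).inspect}"
  puts "1-byte tag, unchecked: #{gcm_decrypt_unchecked(KEY, IV, ct, short, AAD).inspect}"
  puts "1-byte tag, checked:   #{gcm_decrypt_checked(KEY, IV, ct, short, AAD).inspect}"
end
```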