Rubysec


Advisory Archive


---
gem: json-jwt
date: 2018-04-30
url: https://github.com/nov/json-jwt/pull/62
cve: 2018-1000539
title: Auth tag forgery vulnerability with AES-GCM encrypted JWT
description: |
  Ruby's OpenSSL bindings do not check the length of the supplied
  authentication tag when decrypting with an authenticated encryption
  mode such as AES-GCM; it is left to the authors of a gem/app to
  implement that check themselves in order to validate the message
  properly.

  json-jwt was not checking the authentication tag length, so a JWT
  carrying a one-byte tag would be considered not tampered with. This
  means that with an average of 128 (max 256) attempts an attacker can
  forge a valid signature.
unaffected_versions:
- "< 0.5.1"
patched_versions:
- ">= 1.9.4"
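The check the advisory says was missing, shown as an added Ruby example that is not json-jwt's code or the fix from the linked pull request. It assumes AES-256-GCM content encryption with a 16-byte tag (what JWE's GCM algorithms use) and constructs its own key, header string and payload; `decrypt_unchecked` hands the tag straight to OpenSSL as the unpatched gem did, and `decrypt_checked` adds the length test in front of it.

```ruby
require 'openssl'
require 'securerandom'

# JWE's GCM content-encryption algorithms always produce a 128-bit tag.
GCM_TAG_BYTES = 16

# Returns true if the block raises error_class, false if it returns normally.
def rejects?(error_class)
  yield
  false
rescue error_class
  true
end

# Encrypts plaintext under AES-256-GCM, binding the protected header as
# additional authenticated data the way a JWE library does.
# Returns [iv, ciphertext, tag].
def gcm_encrypt(key, plaintext, aad)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv            # 96-bit nonce, generated and set in one call
  cipher.auth_data = aad           # must be set before update
  ciphertext = cipher.update(plaintext) + cipher.final
  [iv, ciphertext, cipher.auth_tag] # auth_tag defaults to the full 16 bytes
end

# Decryption as the advisory describes the unpatched gem: the tag goes straight
# to OpenSSL, which compares only tag.bytesize bytes, so a truncated tag is
# treated as valid.
def decrypt_unchecked(key, iv, ciphertext, tag, aad)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag            # no length validation happens here
  cipher.auth_data = aad
  cipher.update(ciphertext) + cipher.final # raises CipherError on mismatch
end

# Hardened decryption: reject any tag that is not exactly 16 bytes before
# OpenSSL sees it. Apply this to the base64url-decoded tag bytes.
def decrypt_checked(key, iv, ciphertext, tag, aad)
  unless tag.bytesize == GCM_TAG_BYTES
    raise ArgumentError, "auth tag must be #{GCM_TAG_BYTES} bytes, got #{tag.bytesize}"
  end
  decrypt_unchecked(key, iv, ciphertext, tag, aad)
end

# Exercises both paths on constructed data and reports the outcomes.
def tag_length_demo
  key = SecureRandom.random_bytes(32)                # constructed content-encryption key
  aad = 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0'   # constructed protected-header stand-in
  payload = '{"sub":"demo"}'                        # constructed payload
  iv, ciphertext, tag = gcm_encrypt(key, payload, aad)
  short_tag = tag.byteslice(0, 1)                   # only the first byte of the real tag

  tampered = ciphertext.dup                         # flip one ciphertext bit
  tampered.setbyte(0, tampered.getbyte(0) ^ 0x01)

  {
    full_tag_decrypts:       decrypt_checked(key, iv, ciphertext, tag, aad) == payload,
    unchecked_accepts_short: decrypt_unchecked(key, iv, ciphertext, short_tag, aad) == payload,
    checked_rejects_short:   rejects?(ArgumentError) { decrypt_checked(key, iv, ciphertext, short_tag, aad) },
    full_tag_detects_tamper: rejects?(OpenSSL::Cipher::CipherError) { decrypt_checked(key, iv, tampered, tag, aad) }
  }
end

puts tag_length_demo.inspect if $PROGRAM_NAME == __FILE__
```

The length check belongs before the call into OpenSSL because a short tag never reaches `final` as an error: OpenSSL accepts tag lengths from 1 to 16 bytes and verifies only that many, which is the behaviour the advisory's 128-attempt figure rests on. Checking the decoded byte length against 16 closes the gap without touching the cipher calls.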