CVE-2018-0114

Description

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.

CVSS Version 3.1
CVSS Version 2.0

nvd
CVE ID: CVE-2018-0114
Base Score: 7.5
Base Severity: HIGH
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 3.9

nvd
CVE ID: CVE-2018-0114
Base Score: 5.0
Base Severity: MEDIUM
Vector String:AV:N/AC:L/Au:N/C:N/I:P/A:N

Proof Of Concept

zi0Black

This repository contains the POC of an exploit for node-jose < 0.11.0

Refrence: GitHub

Logeirs

Refrence: GitHub

adityathebe

POC for CVE-2018-0114 written in Go

Refrence: GitHub

Eremiel

python2.7 script for JWT generation

Refrence: GitHub

Starry-lord

Refrence: GitHub

scumdestroy

Exploit for Node-jose < 0.11.0 written in Ruby

Refrence: GitHub

j4k0m

Exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT.

Refrence: GitHub

mmeza-developer

JWT Exploit

Refrence: GitHub

Pandora-research

Refrence: GitHub

amr9k8

Automate JWT Exploit (CVE-2018-0114)

Refrence: GitHub

Refrence: NVD

Description​

Proof Of Concept​

Description

Proof Of Concept