zi0Black/POC-CVE-2018-0114

POC-CVE-2018-0114

This repository contains the POC of an exploit for node-jose < 0.11.0

Getting Started

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header. (https://nvd.nist.gov/vuln/detail/CVE-2018-0114).
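A verifier-side check for the condition described above, as an added example that is not part of this repository and not node-jose's own fix: it rejects a compact JWS whose header supplies its own key before any signature verification happens. It goes beyond the `jwk` case on this page to the other key-supplying header parameters in RFC 7515 (`jku`, `x5c`, `x5u`); the function names, the `server-key-1` key id and the sample tokens are constructed for illustration.

```python
import base64
import json

# Header parameters that let the token itself supply or point to a verification key.
KEY_BEARING_PARAMS = ("jwk", "jku", "x5c", "x5u")


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment of a JWS compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def inspect_jws_header(token: str, trusted_kids: set) -> list:
    """Return reasons to reject the token; an empty list means the header is acceptable."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWS compact serialization"]
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["protected header is not valid base64url-encoded JSON"]
    if not isinstance(header, dict):
        return ["protected header is not a JSON object"]
    reasons = [f"header carries key material in '{p}'"
               for p in KEY_BEARING_PARAMS if p in header]
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in trusted_kids:
        reasons.append("kid does not match a server-side key")
    return reasons


def make_sample(header: dict) -> str:
    """Build a constructed sample token; the signature part is a placeholder."""
    body = b64url_encode(json.dumps({"sub": "demo"}).encode())
    return ".".join([b64url_encode(json.dumps(header).encode()), body, "c2ln"])


TRUSTED = {"server-key-1"}  # constructed key id held by the verifier
GOOD = make_sample({"alg": "RS256", "kid": "server-key-1"})
EMBEDDED = make_sample({"alg": "RS256", "kid": "server-key-1",
                        "jwk": {"kty": "RSA", "e": "AQAB", "n": "AA"}})
```

A token that passes this check must still have its signature verified with the key the server holds for that `kid`, never with a key taken from the header.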

⚠️ For PTL students ⚠️ 

If you are a PentesterLab student, I highly recommend that you try to write the code to exploit this vulnerability yourself!

Prerequisites

Python 3 (starting from the last merge)
Python libraries: base64, urllib, rsa, sys

Running the tests

To run the script, use the following command:

python jwk-node-jose.py "payload" {key-size}

(Give key-size without the {}.)

Authors

License

This project is licensed under the MIT License - see the LICENSE.md file for details

Acknowledgments

  • @eshaan7 - 2019
  • @LighTend3r - 2023
