Jwt None Algorithm Attack

The JWT None Algorithm attack exploits a vulnerability in how some JWT libraries handle the 'none' algorithm parameter. This attack allows an attacker to bypass authentication by forging tokens that claim to use no signature verification at all.

Here's how it works: When a JWT token is created, it contains three parts separated by dots: header, payload, and signature. The header specifies which algorithm was used to sign the token. Normally, this would be something like HS256 (HMAC with SHA-256) or RS256 (RSA with SHA-256).

The vulnerability occurs when a JWT library accepts 'none' as a valid algorithm in the header, even when the server expects a signed token. An attacker can modify the token's header to specify 'alg: none', remove the signature, and the server will accept it as valid because it doesn't verify the signature when 'none' is specified.

Here's a practical example:

# Original valid token (simplified)
header = {"alg": "HS256", "typ": "JWT"}
payload = {"sub": "1234567890", "name": "John Doe"}

# Attacker modifies it
signature = ""  # Empty signature
none_token = "eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0."

The key issue is that many JWT implementations didn't properly validate that the algorithm specified in the token matched what the server expected. An RS256-signed token could be modified to claim it was HS256, allowing the attacker to use the public key as the HMAC secret.

This vulnerability affected numerous JWT libraries across different languages, including some versions of Auth0's jwt-node, PyJWT, and others. The problem was documented in CVE-2015-2951 and similar CVEs across various libraries.

Attackers target APIs using JWT tokens for authentication by exploiting this vulnerability. The attack typically follows this pattern:

1. Capture a valid JWT token from an API response or by observing traffic
2. Modify the token's header to use 'alg: none'
3. Remove the signature portion of the token
4. Send the modified token back to the API

For example, consider an API endpoint that requires authentication:

GET /api/user/profile HTTP/1.1
Authorization: Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyJzdWIiOiIxMjM0NTY3ODkwIn0.

If the API server accepts this token without proper validation, the attacker gains unauthorized access to the user's profile data.

The attack becomes more dangerous when combined with other vulnerabilities. For instance, if the API doesn't properly validate user roles in the token payload, an attacker could modify the 'role' claim to escalate privileges:

{
  "alg": "none",
  "typ": "JWT"
}

{
  "sub": "1234567890",
  "role": "admin",  // Modified from 'user' to 'admin'
  "iat": 1516239022
}

This could allow access to administrative endpoints, data deletion, or other privileged operations without proper authorization.

Real-world impact: In 2015, several high-profile services were found vulnerable to this attack, including some implementations of Auth0 and Firebase. The vulnerability could lead to complete account takeover, data breaches, and unauthorized access to sensitive API endpoints.

Detecting JWT None Algorithm vulnerabilities requires both static analysis of your JWT implementation and dynamic testing of your API endpoints. Here's how to protect your APIs:

Prevention Best Practices:

1. Always validate the algorithm: Never trust the 'alg' field from the token. Instead, specify the expected algorithm on the server side and reject any tokens that don't match.
2. Use strong algorithms: Prefer RS256 (asymmetric) over HS256 (symmetric) when possible, as it's harder to exploit through algorithm confusion.
3. Whitelist allowed algorithms: Implement a strict whitelist of acceptable algorithms and reject all others.
4. Keep JWT libraries updated: Ensure you're using the latest versions of JWT libraries, as many have patched these vulnerabilities.

Code Example - Secure Implementation:

# Secure JWT validation in Python using PyJWT
import jwt
from jwt.exceptions import InvalidTokenError

# Whitelist of allowed algorithms
ALLOWED_ALGORITHMS = ['RS256']

# Pre-configured public key
PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----
...your public key here...
-----END PUBLIC KEY-----"

def validate_jwt(token):
    try:
        # Specify the algorithm explicitly - DO NOT trust token's 'alg' field
        decoded = jwt.decode(
            token,
            PUBLIC_KEY,
            algorithms=ALLOWED_ALGORITHMS,
            options={"verify_aud": False}  # Adjust based on your needs
        )
        return decoded
    except (InvalidTokenError, jwt.exceptions.InvalidAlgorithmError):
        raise ValueError("Invalid or tampered token")

Testing for Vulnerabilities:

middleBrick's API security scanner includes specific checks for JWT None Algorithm vulnerabilities. The scanner tests your API endpoints by attempting to authenticate with modified tokens that use the 'none' algorithm and comparing the responses to detect if authentication can be bypassed.

The scanner also checks for algorithm confusion vulnerabilities by attempting to use public keys as HMAC secrets, which is another common JWT vulnerability. These tests run automatically when you submit your API endpoint to middleBrick, providing you with a security score and detailed findings about any JWT-related vulnerabilities discovered.

Additional Security Measures:

• Implement proper key management and rotation policies
• Use short token expiration times to limit the window of exploitation
• Log and monitor for suspicious authentication attempts
• Consider using refresh tokens with stricter validation
• Implement rate limiting on authentication endpoints

By combining secure coding practices with automated security scanning through tools like middleBrick, you can ensure your APIs are protected against JWT None Algorithm attacks and other JWT-related vulnerabilities.