When I wrote the first lab on algorithm confusion, I remember spending a bit of time trying to find a vulnerable library. As an attacker, you need a few things to go wrong to be able to exploit algorithm confusion attacks. In this blog post, we will cover why JWT libraries are not usually vulnerable to algorithm confusion.
A big part of learning security code review is to learn how developers commonly block attacks. The more knowledgeable you are about common ways to block attacks, the faster you are at reviewing code and the better you are at detecting anomalies that may be worth investigating.
With JWT, the algorithm used to verify a token's signature is taken from the alg attribute of the token's own header, so an attacker who controls the token also controls which algorithm the verifier will try to use.
Algorithm confusion attacks happen when an application uses an asymmetric signature scheme (RSA or ECDSA). When developers verify the signature, they write code that looks something like this:
They use the public key public_key to verify the signature. Under the hood, if the application uses ECDSA, for example, the token will carry a header indicating that ECDSA should be used, and the following will happen:
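As an added illustration (my own code for this post, not the snippet referred to above and not taken from any JWT library), the following Python puts the two verification patterns side by side: one that lets the token's alg header choose the verifier, and one that pins the algorithm on the server and rejects any token whose header disagrees. The RSA key is a constructed toy key with tiny primes, the RS256 routine is a simplified stand-in for a real library's hashing and padding, and the JSON key format plus every function name are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed toy RSA key pair (p=61, q=53; illustration only, real keys are
# 2048+ bits). (n, e) is the public key the verifier is configured with, and
# its bytes are, by definition, not secret.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753
PUBLIC_KEY = json.dumps({"kty": "RSA", "n": TOY_N, "e": TOY_E}).encode()  # assumed format


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def toy_rs256_sign(signing_input: bytes) -> bytes:
    # Private-key operation: only the token issuer can do this.
    digest = int.from_bytes(hashlib.sha256(signing_input).digest(), "big") % TOY_N
    return pow(digest, TOY_D, TOY_N).to_bytes(2, "big")


def toy_rs256_verify(signing_input: bytes, signature: bytes, public_key: bytes) -> bool:
    # Public-key operation: anyone holding (n, e) can check a signature.
    key = json.loads(public_key)
    digest = int.from_bytes(hashlib.sha256(signing_input).digest(), "big") % key["n"]
    return pow(int.from_bytes(signature, "big"), key["e"], key["n"]) == digest


def hs256_verify(signing_input: bytes, signature: bytes, key: bytes) -> bool:
    # Symmetric MAC: whoever knows `key` can both create and verify signatures.
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


VERIFIERS = {"RS256": toy_rs256_verify, "HS256": hs256_verify}


def build_token(header: dict, payload: dict, sign) -> str:
    head = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{head}.{body}".encode()
    return f"{head}.{body}.{b64url_encode(sign(signing_input))}"


def split_token(token: str):
    head, body, sig = token.split(".")
    header = json.loads(b64url_decode(head))
    payload = json.loads(b64url_decode(body))
    return header, payload, f"{head}.{body}".encode(), b64url_decode(sig)


def verify_trusting_header(token: str, key: bytes):
    """Vulnerable pattern: the verifier is chosen by the token's own alg header.
    The app passes its public key expecting RS256, but a header saying HS256
    turns those public bytes into the HMAC secret."""
    try:
        header, payload, signing_input, sig = split_token(token)
    except ValueError:
        return None
    verify = VERIFIERS.get(header.get("alg"))
    if verify is None or not verify(signing_input, sig, key):
        return None
    return payload


def verify_pinned(token: str, key: bytes, expected_alg: str):
    """Hardened pattern: the server decides the algorithm up front and the
    header must match it; alg is never used to pick the key's role."""
    try:
        header, payload, signing_input, sig = split_token(token)
    except ValueError:
        return None
    if header.get("alg") != expected_alg:
        return None
    if not VERIFIERS[expected_alg](signing_input, sig, key):
        return None
    return payload


def demo() -> dict:
    # Legitimate token, signed with the toy private key.
    legit = build_token({"alg": "RS256", "typ": "JWT"}, {"sub": "alice", "admin": False}, toy_rs256_sign)
    # Confused token: header claims HS256 and the MAC key is the public key bytes.
    mac_with_public_key = lambda data: hmac.new(PUBLIC_KEY, data, hashlib.sha256).digest()
    confused = build_token({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "admin": True}, mac_with_public_key)
    return {
        "legit_trusting": verify_trusting_header(legit, PUBLIC_KEY),
        "confused_trusting": verify_trusting_header(confused, PUBLIC_KEY),
        "legit_pinned": verify_pinned(legit, PUBLIC_KEY, "RS256"),
        "confused_pinned": verify_pinned(confused, PUBLIC_KEY, "RS256"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The header-trusting verifier accepts the confused token because the only thing it needed, the public key, was never secret; the pinned verifier rejects it before any cryptography runs, because the expected algorithm is decided by server configuration rather than by the token. When reviewing a JWT integration, the check to look for is exactly that pin: an explicit allowed algorithm (or allow-list) passed to the verify call, with the key type and the algorithm family agreeing.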