{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/fast-jwt--6.2.3/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["fast-jwt (\u003c= 6.2.3)"],"_cs_severities":["critical"],"_cs_tags":["jwt","authentication-bypass","vulnerability","fast-jwt"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003eThe \u003ccode\u003efast-jwt\u003c/code\u003e library, up to version 6.2.3, contains a critical authentication bypass vulnerability that allows an attacker to forge JWTs. This occurs when the application uses an asynchronous key resolver that can return an empty string (\u0026rsquo;\u0026rsquo;) or zero-length buffer. When \u003ccode\u003efast-jwt\u003c/code\u003e receives this empty value, it incorrectly derives allowed HMAC algorithms and proceeds to verify the token against an empty key, effectively bypassing authentication. This flaw can be exploited in scenarios using the JWKS pattern, where a key ID (kid) lookup might result in an empty string if the key is not found. The vulnerability allows attackers to mint arbitrary JWTs, assuming any identity within the application.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a JWT with a chosen header and payload, including malicious claims such as \u003ccode\u003eadmin: true\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sets the \u003ccode\u003ekid\u003c/code\u003e (key ID) in the JWT header to a value that will result in an empty string lookup in the application\u0026rsquo;s key resolver (e.g., an unknown \u003ccode\u003ekid\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker computes the HMAC-SHA256 signature of the JWT header and payload using an empty string as the key.\u003c/li\u003e\n\u003cli\u003eThe attacker presents the forged JWT to the vulnerable application.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s async key resolver receives the JWT and attempts to retrieve the key based on the \u003ccode\u003ekid\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe key resolver returns an empty string (\u0026rsquo;\u0026rsquo;) or zero-length buffer because the \u003ccode\u003ekid\u003c/code\u003e is not found.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efast-jwt\u003c/code\u003e converts the empty string to a zero-length Buffer and uses it to create an HMAC secret key. It also determines the allowed algorithms as HS256, HS384 and HS512.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efast-jwt\u003c/code\u003e verifies the forged JWT\u0026rsquo;s signature against the empty key, which succeeds because the attacker used an empty key to create the signature.\u003c/li\u003e\n\u003cli\u003eThe application accepts the forged JWT as authentic, granting the attacker the privileges associated with the claims in the token.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to bypass authentication and assume any identity within the application. This can lead to unauthorized access to sensitive data, privilege escalation, and other malicious activities. Any Node.js application using fast-jwt with a function-typed \u003ccode\u003ekey\u003c/code\u003e resolver and the JWKS pattern is potentially vulnerable. The impact is significant because the attacker can mint arbitrary JWTs with attacker-chosen claims (sub, admin, roles, scopes, etc.) leading to full identity assumption. Default configurations are exploitable. Once a forged token is accepted, fast-jwt caches the verification result, amplifying the impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of \u003ccode\u003efast-jwt\u003c/code\u003e that addresses CVE-2026-44351.\u003c/li\u003e\n\u003cli\u003eApply the suggested fix by rejecting zero-length HMAC secrets in \u003ccode\u003eprepareKeyOrSecret\u003c/code\u003e as described in the advisory.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately possible, modify the application\u0026rsquo;s key resolver to explicitly reject empty strings or zero-length buffers and return an error.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM to detect attempts to exploit this vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious JWTs with empty or invalid \u003ccode\u003ekid\u003c/code\u003e values.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-fastjwt-auth-bypass/","summary":"A critical vulnerability in the fast-jwt library allows attackers to forge JWTs by exploiting the acceptance of empty HMAC secrets in the async key resolver, leading to authentication bypass.","title":"fast-jwt Authentication Bypass Vulnerability via Empty HMAC Secret","url":"https://feed.craftedsignal.io/briefs/2024-01-fastjwt-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Fast-Jwt (\u003c= 6.2.3)","version":"https://jsonfeed.org/version/1.1"}