{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/jwt-framework--4.2.99/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["jwt-framework \u003c= 4.2.99","jwt-library \u003c 3.4.10","jwt-library \u003e= 4.0.0, \u003c 4.0.7","jwt-library \u003e= 4.1.0, \u003c 4.1.7"],"_cs_severities":["high"],"_cs_tags":["vulnerability","php","jwt","web","authentication-bypass"],"_cs_type":"advisory","_cs_vendors":["composer/web-token"],"content_html":"\u003cp\u003eThe \u003ccode\u003eweb-token/jwt-framework\u003c/code\u003e and \u003ccode\u003eweb-token/jwt-library\u003c/code\u003e PHP packages are affected by a Time-of-Check/Time-of-Use (TOCTOU) vulnerability that allows attackers to perform algorithm confusion attacks. Specifically, in \u003ccode\u003eJWSVerifier::getAlgorithm()\u003c/code\u003e and \u003ccode\u003eJWEDecrypter\u003c/code\u003e, header merging logic (\u003ccode\u003e...\u003c/code\u003e spread operator or \u003ccode\u003earray_merge()\u003c/code\u003e) incorrectly prioritizes the unprotected \u003ccode\u003ealg\u003c/code\u003e (algorithm) parameter over the integrity-protected one when duplicate keys exist. This means that while the protected header's \u003ccode\u003ealg\u003c/code\u003e might be validated (e.g., \u003ccode\u003eRS256\u003c/code\u003e), the actual signature verification or decryption might proceed with an attacker-specified \u003ccode\u003ealg\u003c/code\u003e from the unprotected header (e.g., \u003ccode\u003eHS256\u003c/code\u003e or \u003ccode\u003enone\u003c/code\u003e). This bypasses cryptographic integrity checks, enabling authentication bypass, unauthorized access, or information disclosure, making it critical for applications relying on these libraries for secure JWT handling.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access / Reconnaissance:\u003c/strong\u003e An attacker identifies a web application utilizing JSON Web Tokens (JWTs) for authentication or authorization.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMalicious JWT Creation:\u003c/strong\u003e The attacker crafts a JWT containing a protected header with a strong, integrity-protected algorithm (e.g., \u003ccode\u003ealg: RS256\u003c/code\u003e) and an unprotected header specifying a weaker or symmetric algorithm (e.g., \u003ccode\u003ealg: HS256\u003c/code\u003e or \u003ccode\u003ealg: none\u003c/code\u003e), intending for the unprotected \u003ccode\u003ealg\u003c/code\u003e to override the protected one.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eToken Submission:\u003c/strong\u003e The attacker sends this crafted, malicious JWT to the vulnerable web application, typically within an HTTP \u003ccode\u003eAuthorization\u003c/code\u003e header or as a cookie.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Merging (TOCTOU):\u003c/strong\u003e Upon receiving the JWT, the application's \u003ccode\u003eJWSVerifier\u003c/code\u003e or \u003ccode\u003eJWEDecrypter\u003c/code\u003e component merges the protected and unprotected headers. Due to the vulnerability, the \u003ccode\u003ealg\u003c/code\u003e parameter from the unprotected header overwrites the \u003ccode\u003ealg\u003c/code\u003e from the protected header in the internal merged array.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAlgorithm Validation (Time-of-Check):\u003c/strong\u003e An initial check (e.g., by \u003ccode\u003eHeaderCheckerManager\u003c/code\u003e) might validate the \u003ccode\u003ealg\u003c/code\u003e from the \u003cem\u003eprotected\u003c/em\u003e header (e.g., \u003ccode\u003eRS256\u003c/code\u003e), which passes, creating a false sense of security.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSignature/Decryption (Time-of-Use):\u003c/strong\u003e The \u003ccode\u003eJWSVerifier\u003c/code\u003e or \u003ccode\u003eJWEDecrypter\u003c/code\u003e proceeds to verify the JWT signature (or decrypt the payload) using the \u003ccode\u003ealg\u003c/code\u003e parameter that was \u003cem\u003eoverridden\u003c/em\u003e by the unprotected header (e.g., \u003ccode\u003eHS256\u003c/code\u003e or \u003ccode\u003enone\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAuthentication Bypass / Data Compromise:\u003c/strong\u003e If the attacker chose an \u003ccode\u003ealg\u003c/code\u003e like \u003ccode\u003enone\u003c/code\u003e or could forge a valid signature for a symmetric key (\u003ccode\u003eHS256\u003c/code\u003e), the system may successfully validate the JWT.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact:\u003c/strong\u003e This leads to unauthorized access, impersonation of legitimate users, or decryption of sensitive data, allowing the attacker to bypass authentication mechanisms.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eIf exploited, this vulnerability leads to a severe authentication bypass, allowing attackers to forge valid JSON Web Tokens (JWTs) and gain unauthorized access to web applications. This could result in full account takeover, privilege escalation, and access to sensitive data or functionality that should be restricted. The impact is significant for applications that rely on \u003ccode\u003eweb-token/jwt-framework\u003c/code\u003e or \u003ccode\u003eweb-token/jwt-library\u003c/code\u003e for secure session management, API authentication, or inter-service communication. Organizations across all sectors using PHP applications with these specific JWT libraries are at risk, as the integrity of their authentication and authorization mechanisms is compromised.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update \u003ccode\u003ecomposer/web-token/jwt-framework\u003c/code\u003e to a patched version (e.g., newer than 4.2.99) to address the algorithm confusion vulnerability.\u003c/li\u003e\n\u003cli\u003eImmediately update \u003ccode\u003ecomposer/web-token/jwt-library\u003c/code\u003e to a patched version (e.g., \u0026gt;= 3.4.10, \u0026gt;= 4.0.7, \u0026gt;= 4.1.7) to address the algorithm confusion vulnerability.\u003c/li\u003e\n\u003cli\u003eReview application logs for entries indicating JWT verification failures or unexpected algorithm usage for authentication (refer to the \u003ccode\u003eDetect JWT Algorithm Verification Errors\u003c/code\u003e rule).\u003c/li\u003e\n\u003cli\u003eEnsure verbose application logging is enabled for JWT processing and verification steps to aid in detection of anomalous \u003ccode\u003ealg\u003c/code\u003e parameter usage (refer to the \u003ccode\u003eDetect JWT 'none' Algorithm Usage\u003c/code\u003e rule).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment, specifically for \u003ccode\u003ewebserver\u003c/code\u003e logs that might contain application-level JWT processing details.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-18T21:14:03Z","date_published":"2026-06-18T21:14:03Z","id":"https://feed.craftedsignal.io/briefs/2026-06-php-jwt-algo-confusion/","summary":"A Time-of-Check/Time-of-Use (TOCTOU) vulnerability exists in the `JWSVerifier` and `JWEDecrypter` components of the `web-token/jwt-framework` and `web-token/jwt-library` PHP packages, allowing an attacker to override the integrity-protected `alg` parameter from the unprotected header, leading to authentication bypass and unauthorized access.","title":"PHP JWT Framework Algorithm Confusion Vulnerability (TOCTOU)","url":"https://feed.craftedsignal.io/briefs/2026-06-php-jwt-algo-confusion/"}],"language":"en","title":"CraftedSignal Threat Feed - Jwt-Framework \u003c= 4.2.99","version":"https://jsonfeed.org/version/1.1"}