<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Centrifugo - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/centrifugo/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 12:28:16 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/centrifugo/feed.xml" rel="self" type="application/rss+xml"/><item><title>Centrifugo JWKS Cache Authentication Bypass</title><link>https://feed.craftedsignal.io/briefs/2026-07-centrifugo-jwks-auth-bypass/</link><pubDate>Fri, 03 Jul 2026 12:28:16 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-centrifugo-jwks-auth-bypass/</guid><description>A critical authentication bypass vulnerability exists in Centrifugo v6's dynamic JWKS endpoint feature, allowing an attacker to bypass JWT authentication for one tenant by leveraging a valid token from another tenant due to incorrect JWKS key caching indexed only by the `kid`.</description><content:encoded><![CDATA[<p>A severe authentication bypass vulnerability affects Centrifugo v6, a real-time messaging server, specifically within its dynamic JSON Web Key Set (JWKS) endpoint feature. This flaw, not yet assigned a CVE, enables an attacker to gain unauthorized access to one tenant's resources by exploiting a valid token from a separate, distinct tenant. The vulnerability stems from Centrifugo's JWKS key cache and <code>singleflight</code> mechanism, which are keyed solely by the <code>kid</code> (key ID) value from a JWT header, rather than a combination of the <code>kid</code> and the resolved JWKS endpoint, issuer, or audience. This design oversight means that if an attacker can ensure their issuer's key, sharing a <code>kid</code> with another target tenant, is cached first, they can forge JWTs for users within the target tenant. This leads to unauthorized connection and subscription token acceptance, posing a significant risk to multi-tenant Centrifugo deployments using dynamic JWKS configurations.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Initial Token Acquisition</strong>: An attacker obtains or mints a valid JWT for an authorized issuer/tenant (e.g., Tenant A) with a specific <code>kid</code> value in its header. This JWT is signed by Tenant A's private key.</li>
<li><strong>Cache Priming (Tenant A)</strong>: The attacker presents Tenant A's valid JWT to the Centrifugo server, triggering the dynamic JWKS endpoint to fetch Tenant A's public key corresponding to the JWT's <code>kid</code>. This public key is then stored in Centrifugo's JWKS cache, indexed only by the <code>kid</code>.</li>
<li><strong>Token Forgery (Tenant B)</strong>: The attacker crafts a new JWT, claiming to be a user in a different target issuer/tenant (e.g., Tenant B), but importantly, uses the <em>same <code>kid</code></em> value in the header and signs it with <em>Tenant A's private key</em>.</li>
<li><strong>Forged Token Presentation</strong>: The attacker presents this forged Tenant B JWT to the Centrifugo server for authentication (e.g., connection or subscription verification).</li>
<li><strong>Vulnerable Cache Lookup</strong>: Centrifugo attempts to verify the forged Tenant B JWT. When performing the JWKS key lookup, it queries its cache using only the <code>kid</code> from the forged token.</li>
<li><strong>Cross-Tenant Key Reuse</strong>: Because the <code>kid</code> matches the key previously cached for Tenant A, Centrifugo retrieves and uses Tenant A's public key (instead of Tenant B's intended key) to verify the forged Tenant B token.</li>
<li><strong>Authentication Bypass</strong>: Since the forged token was signed by Tenant A's private key and verified by Tenant A's public key (due to the cache hit), the verification succeeds, granting the attacker unauthorized access as the claimed user in Tenant B.</li>
<li><strong>Impact</strong>: The attacker achieves unauthorized connection or subscription to Tenant B's services, leading to data exposure, unauthorized actions, and compromise of integrity or confidentiality within the target tenant.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability results in a cross-issuer/cross-tenant JWT authentication bypass in Centrifugo deployments configured to use dynamic JWKS endpoints. The primary impact is unauthorized access, allowing an attacker who can acquire or forge a token for one tenant to impersonate users in another tenant if both share a <code>kid</code> value and the attacker's key is cached first. This directly compromises the integrity of connection and subscription token verification. Consequences include unauthorized user authentication within a different namespace and potential cross-tenant confidentiality and integrity breaches, as the server incorrectly trusts tokens across isolated trust domains, particularly in multi-tenant environments where <code>iss</code> or <code>aud</code> claims are used to derive dynamic JWKS URLs.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li><strong>Patch Centrifugo</strong>: Immediately apply any available patches or updates from the vendor (Centrifugal) that address this JWKS caching vulnerability.</li>
<li><strong>Review JWKS Configuration</strong>: Reconfigure Centrifugo to avoid dynamic JWKS endpoint templates that rely solely on <code>kid</code> for key identification across different trust domains, if a patch is not immediately available.</li>
<li><strong>Audit JWKS <code>kid</code> Usage</strong>: Review all JWKS documents for Centrifugo deployments to ensure that <code>kid</code> values are unique across all potential issuer/audience configurations, if dynamic JWKS is used.</li>
<li><strong>Segment Multi-Tenant Environments</strong>: Implement network and logical segmentation between tenants to limit the blast radius in case of a successful authentication bypass.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>authentication-bypass</category><category>jwt</category><category>jwks</category><category>centrifugo</category><category>web-application</category></item></channel></rss>