{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/jwe/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["jwt-library (\u003c 3.4.10)","jwt-framework (\u003c= 4.1.6)","jwt-library (\u003e= 4.0.0, \u003c 4.0.7)","jwt-library (\u003e= 4.1.0, \u003c 4.1.7)"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","web","php","jwt","jwe","cwe-400"],"_cs_type":"advisory","_cs_vendors":["composer/web-token"],"content_html":"\u003cp\u003eA high-severity denial-of-service vulnerability (CWE-400) has been discovered in the PHP JWT Library (composer/web-token/jwt-library and jwt-framework), affecting versions prior to 3.4.10, 4.0.7, and 4.1.7. This flaw allows an unauthenticated attacker to trigger an unbounded CPU consumption on a server processing JSON Web Encryption (JWE) tokens. Specifically, when JWEs utilize password-based key-encryption algorithms (PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW), the \u003ccode\u003ePBES2AESKW::unwrapKey()\u003c/code\u003e function reads the \u003ccode\u003ep2c\u003c/code\u003e (PBKDF2 iteration count) parameter directly from the attacker-controlled JOSE header. The absence of an upper bound on this parameter allows attackers to specify extremely high iteration counts (e.g., 100,000,000 or PHP_INT_MAX), causing the server to expend significant CPU resources on PBKDF2 computations before any key unwrapping validation occurs. This resource exhaustion can lead to severe service degradation or unavailability for targeted applications.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker crafts a malicious JSON Web Encryption (JWE) token.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates the protected JOSE header of the JWE to include a \u003ccode\u003ep2c\u003c/code\u003e (PBKDF2 iteration count) parameter with an arbitrarily large integer value (e.g., \u003ccode\u003e100,000,000\u003c/code\u003e or \u003ccode\u003ePHP_INT_MAX\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker sends this crafted JWE token to a vulnerable application endpoint (e.g., via an HTTP header, request body, or URL parameter).\u003c/li\u003e\n\u003cli\u003eThe vulnerable PHP JWT Library receives the JWE and attempts to process it using a registered PBES2-HS*+A*KW algorithm for key unwrapping.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ePBES2AESKW::unwrapKey()\u003c/code\u003e function extracts the \u003ccode\u003ep2c\u003c/code\u003e value from the JOSE header without adequate upper bound validation, as only \u003ccode\u003eis_int($p2c) \u0026amp;\u0026amp; $p2c \u0026gt; 0\u003c/code\u003e is checked.\u003c/li\u003e\n\u003cli\u003eThe function initiates \u003ccode\u003ehash_pbkdf2()\u003c/code\u003e with the excessively large \u003ccode\u003ep2c\u003c/code\u003e value, forcing the server's CPU to perform an intensive, prolonged computation for PBKDF2 key derivation.\u003c/li\u003e\n\u003cli\u003eThe server worker process becomes stalled, consuming significant CPU resources for an extended period (potentially tens of seconds per request), leading to resource exhaustion.\u003c/li\u003e\n\u003cli\u003eIf sufficient malicious JWEs are processed, the application or server becomes unresponsive, resulting in a denial-of-service condition due to uncontrolled resource consumption.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability leads to a severe denial-of-service (DoS) condition. Attackers can force target servers to dedicate substantial CPU resources to perform computationally expensive PBKDF2 iterations, effectively stalling worker processes. This resource exhaustion prevents legitimate users from accessing the application, resulting in service unavailability and potential data loss if stateful operations are interrupted. While the vulnerability description does not specify observed victim counts or sectors, any application utilizing the affected PHP JWT Library and configured to accept JWEs with PBES2 algorithms is at risk, particularly those exposed to unauthenticated input. The cost to the attacker for generating the malicious JWE is negligible compared to the server's computational burden.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003ecomposer/web-token/jwt-library\u003c/code\u003e to versions 3.4.10, 4.0.7, or 4.1.7, or \u003ccode\u003ecomposer/web-token/jwt-framework\u003c/code\u003e to version 4.1.7 or later, which enforce a \u003ccode\u003eDEFAULT_MAX_COUNT = 1_000_000\u003c/code\u003e for \u003ccode\u003ep2c\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eIf immediate upgrade is not feasible, implement a custom header checker to validate and limit the \u003ccode\u003ep2c\u003c/code\u003e header parameter for JWEs before they are processed by the vulnerable library, as described in the source.\u003c/li\u003e\n\u003cli\u003eDisable PBES2 algorithms for JWE decryption if they are not strictly required, especially for tokens originating from untrusted sources.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules to your SIEM to detect attempts to exploit this vulnerability or identify applications configured to use the affected PBES2 algorithms.\u003c/li\u003e\n\u003cli\u003eMonitor web server and PHP application logs for HTTP requests containing JWEs that use PBES2 algorithms or include abnormally large \u003ccode\u003ep2c\u003c/code\u003e values, as described in the detection rules.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-18T21:15:29Z","date_published":"2026-06-18T21:15:29Z","id":"https://feed.craftedsignal.io/briefs/2026-06-php-jwt-pbes2-dos/","summary":"An unauthenticated attacker can exploit a vulnerability in the PHP JWT Library's PBES2AESKW::unwrapKey() function when processing JWE tokens that use PBES2-HS*+A*KW algorithms by crafting a JWE with an excessively large 'p2c' (PBKDF2 iteration count) parameter in the JOSE header, forcing the server to perform an unbounded and CPU-intensive PBKDF2 computation, resulting in a CPU-amplification denial of service.","title":"PHP JWT Library PBES2-HS*+A*KW Unbounded p2c Iteration Count Leads to DoS","url":"https://feed.craftedsignal.io/briefs/2026-06-php-jwt-pbes2-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - Jwe","version":"https://jsonfeed.org/version/1.1"}