

CVE-2018-0114

Description

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.

POC

Reference

- https://github.com/zi0Black/POC-CVE-2018-0114

- https://www.exploit-db.com/exploits/44324/

GitHub

- https://github.com/0x0806/JWT-Security-Assessment

- https://github.com/0xT11/CVE-POC

- https://github.com/ARPSyndicate/cvemon

- https://github.com/CyberSecurityUP/CVE-2018-0114-Exploit

- https://github.com/Eremiel/CVE-2018-0114

- https://github.com/HiitCat/JWT-SecLabs

- https://github.com/Logeirs/CVE-2018-0114

- https://github.com/Pandora-research/CVE-2018-0114-Exploit

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Starry-lord/CVE-2018-0114

- https://github.com/The-Cracker-Technology/jwt_tool

- https://github.com/achmadismail173/jwt_exploit

- https://github.com/adityathebe/POC-CVE-2018-0114

- https://github.com/amr9k8/jwt-spoof-tool

- https://github.com/anthonyg-1/PSJsonWebToken

- https://github.com/crpytoscooby/resourses_web

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/freddd/forger

- https://github.com/guchangan1/All-Defense-Tool

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/j4k0m/CVE-2018-0114

- https://github.com/lnick2023/nicenice

- https://github.com/mishmashclone/ticarpi-jwt_tool

- https://github.com/mmeza-developer/CVE-2018-0114

- https://github.com/mxcezl/JWT-SecLabs

- https://github.com/n0-traces/cve_monitor

- https://github.com/n0m-d/CVE-2018-0114-Go

- https://github.com/pinnace/burp-jwt-fuzzhelper-extension

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/puckiestyle/jwt_tool

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/scumdestroy/CVE-2018-0114

- https://github.com/scumdestroy/pentest-scripts-for-dangerous-boys

- https://github.com/sealldeveloper/CVE-2018-0114-PoC

- https://github.com/snakesec/jwt_tool

- https://github.com/techleadevelopers/Security-Stuffers-Lab

- https://github.com/techleadevelopers/red-team-ops

- https://github.com/ticarpi/jwt_tool

- https://github.com/whoami13apt/tool-

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/z-bool/Venom-JWT

- https://github.com/zhangziyang301/jwt_tool

- https://github.com/zi0Black/POC-CVE-2018-0114