JSON encryption scheme contains critical vulnerability
Tue 14 Mar 2017
One of the web’s most popular open standards is coming under intense attack from developers due to security flaws, with Adobe and others issuing warnings and advice.
JavaScript Object Notation (JSON) is more familiar to most web users than they will realise, since it’s the underlying architecture that’s most commonly used to ‘dynamically’ update pages or feeds without a user-initiated reload. It has gained popularity over the last ten years not only because of its asynchronous updating capabilities, but also due to its relatively friendly and human-readable formatting schema.
However Adobe has just issued an advisory warning developers of a critical vulnerability in standard JSON encryption, which could enabler an attacker to recover the secret encryption key of one of the parties in a secure chain, compromising the chain.
Adobe is warning devs using node-jose, go-jose, Nimbus JOSE+JWT, jose2go or jose4 with ECDH-ES to update to the latest versions in order to maintain security, in a report that originated with research from Google’s Quan Nguyen, made public at Real World Crypto Conference 2017 in January of this year.
The JSON Web Token (JWT) open standard is part of the 0auth family involved in the creation of security access tokens, and the available attack relies on the exploitation of the elliptic curve cryptography protocols which are used to facilitate the authorisation. Antonio Sanso of Adobe has set up a live example of a possible attacker application, which other researchers can use to better understand the methodology of the attack. Those vexed by the example also make use of GitHub-hosted versions of the vulnerable server code example and the attacker code example.
Sanso also provides a detailed list of libraries which are vulnerable to the exploit if not updated, though he notes that some of them are written in languages which are naturally defended against the elliptic curve attack.
Scott Arciszewski of Paragon Initiative also posts in some detail today about why he feels that JSON web tokens are a native liability which make ‘forgery trivial’, yet are endlessly defended or worked around by developers who have come to rely on the simplicity of the schema, or who need to defend legacy infrastructure that relies on it.
