JWT Signature Bypass via kid Path Traversal
Description
This vulnerability occurs when a JSON Web Token (JWT) implementation fails to properly validate the 'kid' (Key ID) header parameter, allowing attackers to exploit a path traversal flaw. By manipulating the 'kid' parameter with directory traversal sequences (e.g., '../../../'), attackers can force the application to use a predictable or attacker-controlled file as the signing key. This enables the creation of validly-signed JWT tokens with arbitrary payloads, completely bypassing the authentication mechanism.
Remediation
To remediate this vulnerability, implement the following security controls:
1. Validate and sanitize the 'kid' parameter:
- Implement strict allowlisting of permitted 'kid' values
- Reject any 'kid' values containing path traversal sequences (../, .\, etc.)
- Use a mapping table to translate 'kid' values to key locations rather than direct file paths
2. Example secure implementation:
// Instead of directly using kid for file paths
// VULNERABLE CODE:
const keyPath = `/keys/${kid}`;
const key = fs.readFileSync(keyPath);
// SECURE CODE:
const allowedKeys = {
'key-2024-01': '/secure/keys/2024-01.pem',
'key-2024-02': '/secure/keys/2024-02.pem'
};
if (!allowedKeys.hasOwnProperty(kid)) {
throw new Error('Invalid key identifier');
}
const key = fs.readFileSync(allowedKeys[kid]);3. Additional security measures:
- Store signing keys outside the web root directory
- Implement proper error handling that doesn't reveal file system information
- Use established JWT libraries with built-in security controls
- Consider using asymmetric keys (RS256) instead of symmetric keys (HS256) to prevent key confusion attacks
- Regularly rotate signing keys and maintain a secure key management process