JWT Authentication - Invalid signature is verified

Hi,

We have an issue with jwt authentication.
If we delete characters from the end of signature part, the request is still authenticated.
We used HS256 to hash the signature as well as RS256 but still we have the same issue.

After investigation we noticed that in the VerifyPayload method in JwtAuthProviderReader.cs, the EquivalentTo method (EnumerableExtensions.cs) is called with the signature bytes
of the token, which seems to compare each byte of the signature with the correct signature bytes but not the length of it.

    // EquivalentTo as found in EnumerableExtensions.cs: the loop runs over other.Length
    // only, so the two lengths are never compared and a shorter 'other' that matches
    // the leading bytes of 'bytes' still passes.
    public static bool EquivalentTo(this byte[] bytes, byte[] other)
    {
        var compare = 0;
        for (var i = 0; i < other.Length; i++)
            compare |= other[i] ^ bytes[i];

        return compare == 0;
    }

If we provide a signature with fewer bytes but matching the first bytes of the correct signature, it will be verified.
Example:

Sent JWT token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBcHAiLCJpYXQiOjE1ODg4NDc3MzAsImV4cCI6MTY4ODkzNDEzMCwicHJlZmVycmVkX3VzZXJuYW1lIjoiUGV0ZXIifQ.JNTrfZhvLhtKe3

Expected JWT token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBcHAiLCJpYXQiOjE1ODg4NDc3MzAsImV4cCI6MTY4ODkzNDEzMCwicHJlZmVycmVkX3VzZXJuYW1lIjoiUGV0ZXIifQ.JNTrfZhvLhtKe3rmsUjCTfjVXbL-KAoQ1CbuZh4JAOM

We use ServiceStack.Core 5.9.0
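The length-check omission described in this report, reproduced as an added Python example (not ServiceStack's code): a minimal HS256 signer, the buggy byte comparison mirrored from the post beside a fixed one, and a verifier that accepts either. It assumes the reported method is called with the token's signature as the operand whose length drives the loop, which is what makes a truncated signature pass.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; any HS256 secret would do.
SECRET = b"constructed-demo-secret"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()

def equivalent_to_buggy(expected: bytes, provided: bytes) -> bool:
    # Same shape as the reported EquivalentTo: it loops over the provided
    # signature's length only and never checks that both lengths match,
    # so a truncated (or even empty) signature is accepted.
    compare = 0
    for i in range(len(provided)):
        compare |= provided[i] ^ expected[i]
    return compare == 0

def equivalent_to_fixed(expected: bytes, provided: bytes) -> bool:
    # Lengths must match first, then compare in constant time.
    return len(expected) == len(provided) and hmac.compare_digest(expected, provided)

def make_token(payload: dict, key: bytes) -> str:
    header = b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url(json.dumps(payload).encode())
    sig = hs256(f"{header}.{body}".encode(), key)
    return f"{header}.{body}.{b64url(sig)}"

def truncate_signature(token: str, keep_chars: int) -> str:
    # Keeps only the first keep_chars base64url characters of the signature.
    header, body, sig = token.split(".")
    return f"{header}.{body}.{sig[:keep_chars]}"

def verify(token: str, key: bytes, compare) -> bool:
    # Recomputes the HS256 signature and hands both to the chosen comparison.
    header, body, sig = token.split(".")
    expected = hs256(f"{header}.{body}".encode(), key)
    return compare(expected, b64url_decode(sig))
```

Running verify with equivalent_to_buggy accepts a token whose signature has been cut short, while equivalent_to_fixed rejects it; only a full, correct signature passes both.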

Yeah glaring oversight, thx for reporting. Fixed from this commit.

This change is now available from v5.9.1 that’s now available on MyGet.

I’ve added a new test to verify that no partial signature validates in this commit.

I’ve also published a new v5.9.2 patch release of ServiceStack on NuGet to make this fix broadly available to everyone without needing to use the MyGet pre-release packages.
