Listen to this Post
The vulnerability CVE-2024-32650 stems from non-constant-time comparison of HMAC signatures in a Rust JWT library. The `SharedKey::sign()` method used HmacSha256::finalize().into_bytes().to_vec(), which converts the constant-time `CtOutput` wrapper into a standard Vec<u8>. This vector’s subsequent comparison for signature verification uses a standard equality check (==), which short-circuits upon finding the first differing byte. By meticulously measuring the response times for numerous forged signatures, an attacker can perform a timing attack. They can statistically analyze these timings to gradually deduce the correct HMAC signature byte-by-byte, ultimately allowing them to forge a valid JWT token without knowing the secret key.
Platform: Rust crate
Version: jwt-simple
Vulnerability: Timing Attack
Severity: Critical
date: 2024-04-25
Prediction: Patch released
What Undercode Say:
`perf stat` for timing
`==` operator unsafe
`verify_slice` method safe
How Exploit:
Measure response times
Byte-by-byte forgery
Statistical analysis
Protection from this CVE:
Use `verify_slice` method
Retain `CtOutput` wrapper
Constant-time comparisons
Impact:
JWT signature forgery
Authentication bypass
Token manipulation
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

