How severe is CVE-2024-54150?

This vulnerability has a severity rating of HIGH with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-54150?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2024-54150 - HIGH Severity | CVSS 9.1

Vulnerability Description

cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS signed token during verification, it becomes vulnerable to this kind of attack. For instance, an attacker could craft a token with the alg field set to "HS256" while the server expects an asymmetric algorithm like "RS256". The server might mistakenly use the wrong verification method, such as using a public key as the HMAC secret, leading to unauthorised access. For RSA, the key can be computed from a few signatures. For Elliptic Curve (EC), two potential keys can be recovered from one signature. This can be used to bypass the signature mechanism if an application relies on asymmetrically signed tokens. This issue has been addressed in version 2.3.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2019-20597

CRITICAL

CVSS:9.1(Critical)

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. SPENgesture allows arbitrary applications to read or modify user-input logs. The Samsung ID is SVE-2019-1417...

CWE-3472019

CVE-2020-12676

CRITICAL

CVSS:9.1(Critical)

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".

CWE-3472020

CVE-2020-9753

CRITICAL

CVSS:9.1(Critical)

Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.

CWE-3472020

CVE-2021-29451

CRITICAL

CVSS:9.1(Critical)

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patch...

CWE-3472021

CVE-2021-30246

CRITICAL

CVSS:9.1(Critical)

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.

CWE-3472021

CVE-2023-34205

CRITICAL

CVSS:9.1(Critical)

In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrappin...

CWE-3472023