
Cryptographic API Misuse Vulnerability

Open lialon opened this issue 1 year ago • 0 comments

Description:

In "python-cwt/samples/eudcc/swedish_verifier.py" and "python-cwt/cwt/algs/rsa.py", I have identified security vulnerabilities concerning an insecure cryptographic algorithm and insecure verification. PKCS#1 v1.5 is vulnerable to chosen-ciphertext attacks. Bypassing JWT verification, or using JWT tokens before verification, is considered insecure.

Location:

https://github.com/dajiaji/python-cwt/blob/main/cwt/algs/rsa.py#L57

self._padding = padding.PKCS1v15()

https://github.com/dajiaji/python-cwt/blob/main/samples/eudcc/swedish_verifier.py#L41

decoded = jwt.decode(
    r.text,
    cose_key.key,
    algorithms=["ES256"],
    options={"verify_aud": False},
)

Reference

  • CWE-780: Use of RSA Algorithm without OAEP
  • CWE-287: Improper Authentication

Recommendations:

  • Try using another padding (OAEP) instead of PKCS#1 v1.5.
  • There should be proper verification of the JWT.

lialon  Aug 07 '24 09:08
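Added example for the first finding; this is editor-written code, not python-cwt's. It assumes the quoted `padding.PKCS1v15()` comes from the `cryptography` package and is used as signature padding (the RS256 family is RSASSA-PKCS1-v1_5 per RFC 7518, registered for COSE in RFC 8812). The chosen-ciphertext attacks on PKCS#1 v1.5 (Bleichenbacher) target the encryption scheme RSAES-PKCS1-v1_5; OAEP is likewise an encryption padding and cannot sign anything. The signature-side alternative is RSASSA-PSS (PS256), shown here beside PKCS#1 v1.5: PSS signatures are randomized, verification must be pinned to the padding the declared alg requires, and a one-byte change to the signed data is rejected under both. The key and message are constructed for the demo.

```python
"""Signature paddings side by side: RSASSA-PKCS1-v1_5 (RS256) vs RSASSA-PSS (PS256)."""
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Constructed demo key; a real verifier loads the issuer's public key instead.
PRIVATE_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
PUBLIC_KEY = PRIVATE_KEY.public_key()

PKCS1V15 = padding.PKCS1v15()  # the padding quoted from cwt/algs/rsa.py (RS256 family)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=32)  # PS256: salt = hash length


def sign(message: bytes, pad) -> bytes:
    """Sign with SHA-256 under the given padding object."""
    return PRIVATE_KEY.sign(message, pad, hashes.SHA256())


def verify(message: bytes, signature: bytes, pad) -> bool:
    """True only if the signature verifies under exactly this padding."""
    try:
        PUBLIC_KEY.verify(signature, message, pad, hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def demo(message: bytes = b"constructed COSE Sig_structure bytes") -> dict:
    rs_a, rs_b = sign(message, PKCS1V15), sign(message, PKCS1V15)
    ps_a, ps_b = sign(message, PSS), sign(message, PSS)
    tampered = message + b"x"
    return {
        # PKCS#1 v1.5 signature encoding is deterministic: same key + message -> identical bytes.
        "rs256_deterministic": rs_a == rs_b,
        # PSS embeds a fresh random salt, so each signature differs yet both verify.
        "ps256_randomized": ps_a != ps_b,
        "rs256_verifies": verify(message, rs_a, PKCS1V15),
        "ps256_verifies": verify(message, ps_a, PSS) and verify(message, ps_b, PSS),
        # A verifier must pin the padding to the declared alg: cross-verification fails.
        "rs256_under_pss_rejected": not verify(message, rs_a, PSS),
        "ps256_under_pkcs1_rejected": not verify(message, ps_a, PKCS1V15),
        # Changing one byte of the signed data breaks both schemes.
        "tamper_detected": not verify(tampered, rs_a, PKCS1V15) and not verify(tampered, ps_a, PSS),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Selecting PS256 over RS256 is a reasonable hardening for new deployments, but a verifier must accept only the padding that matches the `alg` the issuer committed to; accepting both interchangeably for one key is the actual misuse to avoid.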
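Added example for the second finding; editor-written, not the sample's or python-cwt's code. It uses HS256 with the standard library instead of ES256 (an assumption made so it runs without PyJWT or `cryptography`), but the verification order is the one a hardened decode must enforce: pin the algorithm, verify the signature before any claim is read, then check `iss`, `aud` (the check that `options={"verify_aud": False}` switches off), `exp` and `nbf`. With PyJWT the same checks are requested through its standard keyword arguments, `jwt.decode(token, key, algorithms=["ES256"], audience=..., issuer=...)`, rather than by disabling `verify_aud`. The secret, issuer and audience values are constructed for the demo.

```python
"""Verify-then-trust JWT handling, including the audience check the quoted sample disables."""
import base64
import hashlib
import hmac
import json
import time


class JWTError(Exception):
    """Any verification failure; the caller never sees claims from a failed token."""


def _b64url_decode(data: str) -> bytes:
    # JWS uses unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Issuer side, constructed for the demo (a real EUDCC gateway signs with ES256)."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = b"" if alg == "none" else hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, key: bytes, expected_iss: str, expected_aud: str, now=None) -> dict:
    """Return claims only after alg, signature, iss, aud and exp/nbf all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise JWTError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":            # the verifier pins alg; the token does not choose
        raise JWTError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected_sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise JWTError("bad signature")         # checked before the payload is even parsed
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != expected_iss:
        raise JWTError("issuer mismatch")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else aud
    if not aud or expected_aud not in aud:
        raise JWTError("audience mismatch")     # this is the check verify_aud=False skips
    if "exp" not in claims or now >= claims["exp"]:
        raise JWTError("token expired")
    if now < claims.get("nbf", now):
        raise JWTError("token not yet valid")
    return claims


ISS, AUD = "https://issuer.example", "verifier.example"   # constructed values
KEY = b"constructed-demo-secret"                           # constructed; never hard-code real keys


def outcome(token: str, now: int) -> str:
    """Map a verification attempt to 'ok' or the reason it was rejected."""
    try:
        verify_token(token, KEY, ISS, AUD, now)
        return "ok"
    except JWTError as e:
        return str(e)


def demo(now: int = 1_700_000_000) -> dict:
    base = {"iss": ISS, "aud": AUD, "exp": now + 300, "sub": "cert-1"}
    good = make_token(base, KEY)
    other_aud = make_token(dict(base, aud="someone-else.example"), KEY)
    expired = make_token(dict(base, exp=now - 1), KEY)
    alg_none = make_token(base, KEY, alg="none")
    # Splice a forged payload onto a genuine signature: must fail the signature check.
    header_b64, _, sig_b64 = good.split(".")
    forged_payload = _b64url_encode(json.dumps(dict(base, sub="cert-9")).encode())
    forged = f"{header_b64}.{forged_payload}.{sig_b64}"
    return {
        "valid": outcome(good, now),
        "wrong_audience": outcome(other_aud, now),
        "expired": outcome(expired, now),
        "alg_none": outcome(alg_none, now),
        "forged_payload": outcome(forged, now),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The `wrong_audience` case is the one the quoted sample would accept: with `verify_aud` disabled, a token legitimately issued for a different relying party passes and its claims are used as if they were meant for this verifier.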