353 Lack of data validation - Token


Description

The application does not verify the signature of the JWT access token it issues, so the token's claims can be modified and the request is still accepted; a token with the signature segment removed entirely is accepted as well.


Impact

- Forge tokens, bypassing the existing authentication mechanism.
- Modify the claims of a token so that requests are accepted outside the application's normal flow.


Recommendation

Generate tokens from random components that carry no sensitive information, and always verify the token's integrity before trusting any claim: check that a signature is present, that the algorithm is the one the server expects, and that the signature is valid for the server's key.
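The following is an added example, not code from this page or from the affected application. It contrasts the vulnerable pattern described above (reading the JWT payload without checking the signature) with a verifier that enforces the recommendation. It assumes HS256 and uses a constructed demo key; the function names are illustrative.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key for this example; a real service loads its key from a secret store.
SECRET_KEY = b"demo-signing-key-not-for-production"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT strips base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_token(claims: dict, key: bytes) -> str:
    """Issue an HS256 JWT over the given claims."""
    signing_input = f"{_json_b64({'alg': 'HS256', 'typ': 'JWT'})}.{_json_b64(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def decode_unverified(token: str) -> dict:
    """Vulnerable pattern: trust the payload and never look at the signature.

    Any edited payload is accepted, and so is a token whose third segment is empty.
    """
    parts = token.split(".")
    return json.loads(_b64url_decode(parts[1]))


def decode_verified(token: str, key: bytes) -> dict:
    """Hardened pattern: check structure, algorithm and signature before trusting claims."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("token must have header, payload and a non-empty signature")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token choose (rejects "none").
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg: {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))


def forge_token(token: str, strip_signature: bool = True, **changes) -> str:
    """Attacker step from the description: edit claims, optionally drop the signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims.update(changes)
    return f"{header_b64}.{_json_b64(claims)}.{'' if strip_signature else sig_b64}"


def accepts(decoder, token: str, *args) -> bool:
    """True if the decoder returns claims for the token, False if it rejects it."""
    try:
        decoder(token, *args)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    legit = issue_token({"sub": "alice", "role": "user"}, SECRET_KEY)
    forged = forge_token(legit, role="admin")
    print("unverified accepts forged token:", accepts(decode_unverified, forged))
    print("verified accepts forged token:  ", accepts(decode_verified, forged, SECRET_KEY))
```

Both the stripped-signature token and a tampered payload that keeps the original signature pass `decode_unverified`; `decode_verified` rejects both, plus any token whose header claims `alg: none`.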


Threat

Unauthorized attacker with access to a token.


Expected Remediation Time

90 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the source.

Base 4.0

  • Attack vector: N
  • Attack complexity: H
  • Attack Requirements: N
  • Privileges required: N
  • User interaction: N
  • Confidentiality (VC): N
  • Integrity (VI): L
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: U

Requirements


Fixes


Last updated

2024/02/20