GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

[SEC-002] Broken Authentication - JWT algorithm is not whitelisted

Description

Algorithm of JWT is not whitelisted. This may be causing serious severity. User may use JWT algorithm none. Below the example of bad token:

eyJhbGciOiJub25lIiwidHlwIjoiand0In0.eyJlbWFpbCI6IjEzNTIwMTI4QHN0ZC5zdGVpLml0Yi5hYy5pZCIsIm5hbWUiOiJCYXl1IFNhbXVkcmEgICIsInJvbGUiOiJ1c2VyIiwidXNlcl9pZCI6IjEiLCJ1c2VybmFtZSI6ImJheXVzYW11ZHJhIiwidHlwZSI6InJlZnJlc2giLCJpYXQiOjE2OTc4MDM0MDcsImV4cCI6MTY5NzgxNDIwN30.

Above JWT code decoded as:

{
  "alg": "none",
  "typ": "jwt"
}.
{
  "email": "13520128@std.stei.itb.ac.id",
  "name": "Bayu Samudra  ",
  "role": "user",
  "user_id": "1",
  "username": "bayusamudra",
  "type": "refresh",
  "iat": 1697803407,
  "exp": 1697814207
}

With none algorithm, the attacker able to build an unsigned JWT that is accepted by application.

Severity

This bug has severity CRITICAL

Affected URL

All of URL that used validateToken

Attachment