For Educational Purposes Only! Intended for
仅用于教育目的! 旨在用于
问题 (Issue)
The algorithm HS256 uses the secret key to sign and verify each message. The algorithm RS256 uses the private key to sign the message and uses the public key for authentication.
HS256算法使用密钥对每个消息进行签名和验证。 RS256算法使用私钥对消息进行签名,并使用公钥进行身份验证。
If you change the algorithm from RS256 to HS256, the backend code uses the public key as the secret key and then uses the HS256 algorithm to verify the signature. Asymmetric Cipher Algorithm => Symmetric Cipher Algorithm.
如果将算法从RS256更改为HS256,则后端代码将使用公钥作为私钥,然后使用HS256算法来验证签名。 非对称密码算法=>对称密码算法。
Because the public key can sometimes be obtained by the attacker, the attacker can modify the algorithm in the header to HS256 and then use the RSA public key to sign the data.
由于攻击者有时可以获取公共密钥,因此攻击者可以将标头中的算法修改为HS256,然后使用RSA公共密钥对数据进行签名。
The backend code uses the RSA public key + HS256 algorithm for signature verification.
后端代码使用RSA公钥+ HS256算法进行签名验证。
例 (Example)
Vulnerability appear when client side validation looks like this:
客户端验证如下所示时,将出现漏洞:
const decoded = jwt.verify(
token,
publickRSAKey,
{ algorithms: ['HS256' , 'RS256'] } //accepted both algorithms
)
Lets assume we have initial token like presented below and " => " will explain modification that attacker can make:
假设我们有如下所示的初始令牌,“ =>”将解释攻击者可以进行的修改:
//header
{
alg: 'RS2