Information Discovery: JWT Header Claims

JSON Web Token (JWT) contains attributes called claims such as kid (Key ID), jwk (JSON Web Key), jku (JWK Set URL), x5u (X.509 URL), and x5c (X.509 Certificate Chain) in its header part and can lead to vulnerabilities if these are not implemented correctly.

JWT is a standard for creating a URL-safe means of transferring data between two parties. JWT provides protection against data tampering because the information it contains is digitally signed with either the HMAC or the RSA algorithm. The server typically generates JWTs after successful client authentication. This JWT accompanies future client requests to the server for stateless authentication.

A JSON Web Token contains three parts in the following format:
{header}.{payload}.{signature}
- A kid claim might be vulnerable to an injection attack. Some libraries use system calls (such as file-system lookups), or database queries to extract the key specified in the "kid" header value. By injecting malicious data into this claim, an attacker can force the application to perform arbitrary SQL queries, execute system commands, or maybe even redirect the target of the 'key file' to a known file on the system to force a new secret that can be used to sign and decrypt HMAC tokens.
.
- A jwk claim might be vulnerable to a key injection attack. This attack attempts a less-commonly used verification technique in some JWT libraries - the inclusion of an in-line Public Key. The attacker can sign the token using a new Private Key, include the Public Key in the token, and then let the service use that key to verify the token.

- A jku, x5u, and x5c claim might be vulnerable to JWKS spoofing. By replacing the "jku" or "x5u" URL with an attacker-controlled URL containing a public key, or by replacing the "x5c" certificate chain with an attacker-controlled chain with a public key, an attacker can use the paired private key to sign the token and let the service retrieve the malicious public key and verify the token.