Researcher Warns About JSON Web Encryption Flaw
According to Antonio Sanso, a senior software engineer at Adobe Research Switzerland, software libraries implementing the JSON Web Encryption (JWE) specification, RFC 7516, are vulnerable to invalid curve attacks. Web applications using some JWE protocols could allow attackers to retrieve private encryption keys. Affected libraries include go-jose, node-jose, jose2go, Nimbus JOSE+JWT and jose4j when used with ECDH-ES.
"At the end of the day the issue here is that the specification and consequently all the libraries I checked missed validating that the received public key (contained in the JWE Protected Header) is on the curve," Sanso wrote.
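The missing check Sanso describes, as an added example that is not code from his post or from any of the libraries named above: before deriving an ECDH-ES shared secret, the recipient confirms that the `epk` in the JWE protected header is a well-formed point on the curve it claims. It assumes P-256 (the curve constants are the published NIST values) and a constructed header built inline for illustration.

```python
import base64
import json

# NIST P-256 domain parameters (FIPS 186-4): field prime p and coefficient b, with a = -3.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point G of P-256, used here only as a known-valid sample point.
G_X = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
G_Y = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

ECDH_ES_ALGS = ("ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def is_on_p256(x: int, y: int) -> bool:
    """True only if both coordinates are in [0, p) and y^2 == x^3 - 3x + b (mod p)."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x - 3 * x + P256_B)) % P256_P == 0


def validate_epk(protected_header_b64: str) -> bool:
    """Check the ephemeral public key in a JWE protected header before any ECDH-ES key agreement.

    Rejects headers whose alg is not an ECDH-ES variant, whose epk is not a P-256 EC key,
    whose coordinates are not exactly 32 bytes, or whose point does not lie on P-256.
    """
    header = json.loads(b64url_decode(protected_header_b64))
    if header.get("alg") not in ECDH_ES_ALGS:
        return False
    epk = header.get("epk", {})
    if epk.get("kty") != "EC" or epk.get("crv") != "P-256":
        return False
    x_bytes, y_bytes = b64url_decode(epk["x"]), b64url_decode(epk["y"])
    if len(x_bytes) != 32 or len(y_bytes) != 32:
        return False
    return is_on_p256(int.from_bytes(x_bytes, "big"), int.from_bytes(y_bytes, "big"))


def make_header(x: int, y: int) -> str:
    """Constructed sample: a base64url JWE protected header carrying (x, y) as the epk."""
    epk = {"kty": "EC", "crv": "P-256",
           "x": b64url_encode(x.to_bytes(32, "big")), "y": b64url_encode(y.to_bytes(32, "big"))}
    return b64url_encode(json.dumps({"alg": "ECDH-ES", "enc": "A128GCM", "epk": epk}).encode())
```

A library that performs this check (and the analogous one for P-384 and P-521) refuses the header outright instead of feeding an off-curve point into scalar multiplication with the recipient's private key.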