| Field | Value |
| --- | --- |
| CVE | CVE-2025-45768 |
| Description | We found that the HMAC and RSA key lengths used in your JSON Web Signature (JWS) implementation do not meet recommended security standards (RFC 7518, NIST SP 800-117, RFC 2437). According to CWE-326 (Inadequate Encryption Strength), using keys that are too short can lead to serious vulnerabilities and potential attacks. |
| Affected versions | <= v2.10.1 |
@ZupeiNie Please fix link
@ZupeiNie Can you please specify what key lengths exactly you've found in PyJWT?
Hey all. Ceph here, was looking into our affectedness for this since it's disputed by MITRE and we use pyjwt. Forgive my ignorance, but I wanted to follow up here about the technical details.
Disputed at MITRE, https://nvd.nist.gov/vuln/detail/CVE-2025-45768
We dug into the standards and could not easily find a recommended key length in the listed ones, so I wanted to confirm where that was found. The standard I found a recommendation for is https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-78-5.pdf which supports personal information, and states that SHA 256 is an option through 2030.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-117.pdf -- refers to passwords.
https://datatracker.ietf.org/doc/html/rfc2437 -- really only goes into details relating to key length and password for RSA, does not provide suggestions for RSA.
https://datatracker.ietf.org/doc/html/rfc7518 -- "The algorithms respectively use HMAC SHA-256, HMAC SHA-384, and HMAC SHA-512 as the PRF and use 128-, 192-, and 256-bit AES Key Wrap keys. Their derived-key lengths respectively are 16, 24, and 32 octets."
SHA 256 is the minimum algorithm used for HMAC and RSA as far as I can tell. https://github.com/jpadilla/pyjwt/blob/6293865c82ef24af76455c2522806ac2b1c75d6b/docs/algorithms.rst#L7
In https://github.com/jpadilla/pyjwt/blob/master/jwt/api_jwt.py and https://github.com/jpadilla/pyjwt/blob/master/jwt/api_jws.py I do not see a reference to a minimum key length. My understanding is that it would thus be based off the accepted algorithm, as provided by the customer in some cases (asymmetric key encryption).
Do you have any more info about this CVE, including the affected lines of code? Want to make sure we're not actually vulnerable to this bug. Thanks a ton, forgive my ignorance about this project.
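As an added illustration (not PyJWT's code and not part of the discussion above), a pre-flight check a caller can run on its own keys before passing them to a JWS library. The thresholds are the MUST-level floors RFC 7518 actually states: an HMAC key at least as long as the hash output (section 3.2) and an RSA modulus of at least 2048 bits (section 3.3). The `key_size` attribute is assumed to be the modulus size in bits, as exposed by `cryptography` RSA key objects.

```python
"""Key-strength pre-flight checks for JWS signing keys.

Added illustration, not PyJWT's own code. Floors come from RFC 7518:
section 3.2 (HMAC key >= hash output size) and section 3.3 (RSA >= 2048 bits).
"""

# Minimum HMAC key size in bits equals the hash output size (RFC 7518 s.3.2).
HMAC_MIN_BITS = {"HS256": 256, "HS384": 384, "HS512": 512}
# RSA-based JWS algorithms share the 2048-bit modulus floor (RFC 7518 s.3.3).
RSA_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}
RSA_MIN_BITS = 2048


class WeakKeyError(ValueError):
    """Raised when a key is too short for the requested JWS algorithm."""


def check_hmac_key(key: bytes, alg: str) -> int:
    """Return the HMAC key length in bits, or raise WeakKeyError if it is
    below the hash output size required for `alg`."""
    if alg not in HMAC_MIN_BITS:
        raise ValueError(f"not an HMAC JWS algorithm: {alg}")
    bits = len(key) * 8
    if bits < HMAC_MIN_BITS[alg]:
        raise WeakKeyError(f"{alg} needs >= {HMAC_MIN_BITS[alg]} bits, got {bits}")
    return bits


def check_rsa_key(modulus_bits: int, alg: str) -> int:
    """Return the RSA modulus size, or raise WeakKeyError below 2048 bits."""
    if alg not in RSA_ALGS:
        raise ValueError(f"not an RSA JWS algorithm: {alg}")
    if modulus_bits < RSA_MIN_BITS:
        raise WeakKeyError(f"{alg} needs >= {RSA_MIN_BITS}-bit RSA, got {modulus_bits}")
    return modulus_bits


def key_is_strong_enough(key, alg: str) -> bool:
    """Predicate over the three common key shapes: str/bytes are HMAC secrets,
    an int is an RSA modulus size in bits, and any other object is assumed
    (hypothetically) to expose `key_size` like `cryptography` RSA keys."""
    try:
        if isinstance(key, (bytes, str)):
            check_hmac_key(key.encode() if isinstance(key, str) else key, alg)
        elif isinstance(key, int):
            check_rsa_key(key, alg)
        else:
            check_rsa_key(int(key.key_size), alg)
    except WeakKeyError:
        return False
    return True
```

A short ASCII secret such as "secret" is only 48 bits and fails the HS256 check, which is the kind of misuse the report's CWE-326 reference is really about.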
If anyone is using pyjwt, I have an alternative to avoid this vulnerability for Snowflake or any SQL database. I will be able to help. Please reach out to me via email - sridharanmurugadass@gmail.com
Hello, the https://github.com/jpadilla/pyjwt/security/advisories/GHSA-72ff-rqxp-4hrh link is broken.