Via Twitter
Authors consider SQLi as main attack vector. Hashed token mitigate r/o SQLi, encrypted mitigate r/w SQLi
That actually doesn't buy you anything. Consider the following table schema:
CREATE TABLE reset_tokens (
tokenid BIGSERIAL PRIMARY KEY,
selector TEXT,
verifier TEXT,
user BIGINT REFERENCES users (userid),
expires TIMESTAMP
);
We recommended hashing the verifier. You might think encryption would mitigate against read/write SQLi, but you can do this:
- Issue a reset for an unprivileged user.
UPDATE reset_tokens SET user = {$target} WHERE selector = {$knownToAttacker}
- Access the URL.
That works even if you can't just break out of the database, into the filesystem, and exfiltrate their encryption keys.
It depends on content of the token. Storing encrypted JWT with proper "sub" and "exp" may solve vector identified above. In fact, JWT is a standard way to represent authentication information, why not also use it as "password reset" authenticator?