Privilege escalation in Microsoft.IdentityModel.Tokens - #VU4134
Published: January 10, 2017 / Updated: January 11, 2017
Vulnerability identifier: #VU4134
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft.IdentityModel.Tokens
Microsoft.IdentityModel.Tokens
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error when handling tokens signed with symmetric keys in Microsoft.IdentityModel.Tokens 5.1.0. If a token signed with a symmetric key is used to verify the identity of a user, and the app makes decisions based on the verified identity of that user, then the app could make incorrect decisions that result in elevation of privilege.
Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication process and gain unauthorized access to vulnerable system.
Microsoft .NET Core or .NET Framework project is affected by the vulnerability if it uses the package Microsoft.IdentityModel.Tokens version 5.1.0.
The vulnerability exists due to an error when handling tokens signed with symmetric keys in Microsoft.IdentityModel.Tokens 5.1.0. If a token signed with a symmetric key is used to verify the identity of a user, and the app makes decisions based on the verified identity of that user, then the app could make incorrect decisions that result in elevation of privilege.
Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication process and gain unauthorized access to vulnerable system.
Microsoft .NET Core or .NET Framework project is affected by the vulnerability if it uses the package Microsoft.IdentityModel.Tokens version 5.1.0.
Remediation
Update Microsoft.IdentityModel.Tokens to version 5.1.1.