GHSA-88Q6-JCJG-HVMW

Vulnerability from github – Published: 2026-01-09 19:39 – Updated: 2026-01-09 19:39
VLAI?
Summary
jose-swift has JWT Signature Verification Bypass via None Algorithm
Details

Summary

An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling complete impersonation of any user and privilege escalation.

Details

The vulnerability exists in Sources/JSONWebSignature/JWS+Verify.swift at lines 34-37:

  public func verify<Key>(key: Key?) throws -> Bool {
      guard SigningAlgorithm.none != protectedHeader.algorithm else {
          return true  // <-- Vulnerability: returns true without verification
      }

When the JWT header contains "alg": "none", the verify() method returns true immediately without: 1. Checking if the signature is empty or present 2. Validating the token against any key 3. Requiring explicit opt-in from the caller

The SigningAlgorithm enum in Sources/JSONWebAlgorithms/Signatures/SigningAlgorithm.swift:72 explicitly includes case none = "none" as a valid algorithm.

All verification methods are affected: - JWS.verify(key:) - Instance method - JWS.verify(jwsString:payload:key:) - Static method - JWT.verify(jwtString:senderKey:) - High-level API

PoC

  1. Create a forged JWT with modified claims: // Forged header with alg:none let header = #"{"alg":"none","typ":"JWT"}"#

// Attacker's payload with escalated privileges let payload = #"{"sub":"user123","admin":true}"#

// Base64URL encode and concatenate with empty signature let forgedToken = base64url(header) + "." + base64url(payload) + "." // Result: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJ1c2VyMTIzIiwiYWRtaW4iOnRydWV9.

  1. Verify the forged token passes verification: let jws = try JWS(jwsString: forgedToken) let isValid = try jws.verify(key: legitimateSecretKey) // Returns TRUE

Impact

This is an authentication bypass vulnerability. Who is impacted: Any application using jose-swift for JWT verification is vulnerable. An attacker can:

  • Forge identity: Create tokens claiming to be any user
  • Escalate privileges: Add admin/superuser claims to gain unauthorized access
  • Bypass authentication entirely: Access protected resources without valid credentials
  • Modify any claim: Change expiration, audience, issuer, or any custom claims

The attack requires no knowledge of the signing key and works against all signature algorithms (HS256, RS256, ES256, etc.) since the attacker simply bypasses signature verification entirely.

Credits

Reported by Louis Nyffenegger - https://pentesterlab.com/

Severity ?
8.8 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "SwiftURL",
        "name": "github.com/beatt83/jose-swift"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "6.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-327"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-09T19:39:30Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nAn authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting \"alg\": \"none\" in the token header. The library\u0027s verification functions immediately return `true` for such tokens without performing any cryptographic verification, enabling complete impersonation of any user and privilege escalation.\n\n### Details\n  The vulnerability exists in Sources/JSONWebSignature/JWS+Verify.swift at lines 34-37:\n\n```\n  public func verify\u003cKey\u003e(key: Key?) throws -\u003e Bool {\n      guard SigningAlgorithm.none != protectedHeader.algorithm else {\n          return true  // \u003c-- Vulnerability: returns true without verification\n      }\n```\n  When the JWT header contains \"alg\": \"none\", the verify() method returns true immediately without:\n  1. Checking if the signature is empty or present\n  2. Validating the token against any key\n  3. Requiring explicit opt-in from the caller\n  \n\n The SigningAlgorithm enum in Sources/JSONWebAlgorithms/Signatures/SigningAlgorithm.swift:72 explicitly includes case none = \"none\" as a valid algorithm.\n\n  All verification methods are affected:\n  - JWS.verify(key:) - Instance method\n  - JWS.verify(jwsString:payload:key:) - Static method\n  - JWT.verify(jwtString:senderKey:) - High-level API\n\n### PoC\n\n  1. Create a forged JWT with modified claims:\n  // Forged header with alg:none\n  let header = #\"{\"alg\":\"none\",\"typ\":\"JWT\"}\"#\n\n  // Attacker\u0027s payload with escalated privileges\n  let payload = #\"{\"sub\":\"user123\",\"admin\":true}\"#\n\n  // Base64URL encode and concatenate with empty signature\n  let forgedToken = base64url(header) + \".\" + base64url(payload) + \".\"\n  // Result: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJ1c2VyMTIzIiwiYWRtaW4iOnRydWV9.\n\n  2. Verify the forged token passes verification:\n  let jws = try JWS(jwsString: forgedToken)\n  let isValid = try jws.verify(key: legitimateSecretKey)  // Returns TRUE\n\n\n### Impact\n\n  This is an authentication bypass vulnerability.   Who is impacted: Any application using jose-swift for JWT verification is vulnerable. An attacker can:\n\n  - Forge identity: Create tokens claiming to be any user\n  - Escalate privileges: Add admin/superuser claims to gain unauthorized access\n  - Bypass authentication entirely: Access protected resources without valid credentials\n  - Modify any claim: Change expiration, audience, issuer, or any custom claims\n\n  The attack requires no knowledge of the signing key and works against all signature algorithms (HS256, RS256, ES256, etc.) since the attacker simply bypasses signature verification entirely.\n\n### Credits\nReported by Louis Nyffenegger - https://pentesterlab.com/",
  "id": "GHSA-88q6-jcjg-hvmw",
  "modified": "2026-01-09T19:39:30Z",
  "published": "2026-01-09T19:39:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/beatt83/jose-swift/security/advisories/GHSA-88q6-jcjg-hvmw"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/beatt83/jose-swift"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "jose-swift has JWT Signature Verification Bypass via None Algorithm"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.