CVE Tools
Sign in

CVE-2020-5300

Disallow replay of `private_key_jwt` by blacklisting JTIs in Hydra

Published: Apr 6, 2020Updated: Nov 21, 2024 Sources: CVE List NVD GHSACWE-294
NVD MITRE
5.8CVSSMEDIUM
EPSS Score
1.0%
Top 40.9%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not check the uniqueness of this `jti` value. Exploiting this vulnerability is somewhat difficult because: - TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks - The expiry time of the JWT gives only a short window of opportunity where it could be replayed This has been patched in version v1.4.0+oryOS.17

CVSS Vector Breakdown

AV:NAC:HPR:LUI:RS:CC:HI:NA:N
Exploitability
AV:NAttack Vector
Network
AC:HAttack Complexity
High
PR:LPrivileges Required
Low
UI:RUser Interaction
Required
Scope
S:CScope
Changed
Impact
C:HConfidentiality
High
I:NIntegrity
None
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-294

Affected Products

hydraory
Mixed
Security Products / identity-access-mgmt
github.com/ory/hydraGoOSS Libraries
orycommercialCHSecurity Productsaka fosite, oathkeeper, hydra
gopackage-ecosystemOSS Libraries

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

Official Patch Available

MITRE ATT&CK

1 technique
Defense Evasion
View detailed technique mapping

References

https://github.com/ory/hydra/commit/700d17d3b7d507de1b1d459a7261d6fb2571ebe3
github.com
https://github.com/ory/hydra/releases/tag/v1.4.0
github.com
https://github.com/ory/hydra/security/advisories/GHSA-3p3g-vpw6-4w66
github.com
and 3 more references View all →

Timeline

Published
Apr 6, 2020
Last Updated
Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2020-5300 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows