Description

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid G-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue.

Remediation

References

https://github.com/biscuit-auth/biscuit/security/advisories/GHSA-75rw-34q6-72cr

https://eprint.iacr.org/2020/1484

Related Vulnerabilities

CVE-2020-7686 Vulnerability in npm package rollup-plugin-dev-server

CVE-2020-7757 Vulnerability in npm package droppy

CVE-2023-48910 Vulnerability in maven package io.github.microcks:microcks

CVE-2017-16026 Vulnerability in maven package org.webjars:request

CVE-2022-25875 Vulnerability in maven package org.webjars.npm:svelte

Severity

Critical

Classification

CWE-347 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory Technical Description