# Demo Project: CVE-2022-21449 Vulnerability

This project demonstrates CVE-2022-21449, a flaw in Java's ECDSA signature verification. An unpatched verifier did not check that the signature values `r` and `s` lie in the valid range `[1, n-1]`, so a signature with `r=0` and `s=0` passes verification for any message and any public key, letting an attacker forge a "valid" signature without the private key. The project uses a real JWT and a fake JWT, both with EC (ES256) signatures, to show the issue on Java 17 without the security patch.

## Features
- **Real JWT Token**: A valid JWT token signed with an EC private key.
- **Fake JWT Token**: A JWT token with a zeroed signature (`r=0`, `s=0`).
- **Validation**: Demonstrates how the vulnerability allows the fake token to pass validation.

## Prerequisites
- **Java 17** (without the security patch for CVE-2022-21449).
- **Maven** for building the project.

## Project Structure
- `JwtGenerator`: Generates real and fake JWT tokens.
- `JwtUtils`: Validates JWT tokens using a public EC key.
- `SecurityConfig`: Configures Spring Security to demonstrate token-based authentication.
- `ProtectedController`: Provides endpoints to test token-based access control.

## How to Use the `JwtGenerator` Console App
The `JwtGenerator` class is a standalone console application that generates and prints both valid and fake JWT tokens.

### Steps to Run
1. **Build the Project**:
   ```bash
   mvn clean install
   ```

2. **Run the `JwtGenerator` Class**:
   ```bash
   mvn exec:java -Dexec.mainClass="com.symphony_solutions.demo.util.JwtGenerator"
   ```

3. **Output**:
   The application will print:
    - A valid JWT token.
    - A fake JWT token with a zeroed signature.

   Example:
   ```
   === Valid JWT ===
   eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhbGljZSIsInJvbGVzIjpbIkFETUlOIiwiVVNFUiJdLCJpYXQiOjE2NzAwMDAwMDAsImV4cCI6MTY3MDAzNjAwMH0.<signature>

   === Fake JWT with zero signature ===
   eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib2IiLCJyb2xlcyI6WyJBRE1JTiIsIlVTRVIiXSwiaWF0IjoxNjcwMDAwMDAwLCJleHAiOjE2NzAwMzYwMDB9.<zeroed_signature>
   ```

4. **Use the Tokens**:
    - Copy the tokens and use them to test the vulnerability in the application or other tools.

## Demonstrating the Vulnerability
1. **Start the Application**:
   ```bash
   mvn spring-boot:run
   ```

2. **Access Protected Endpoints**:
    - Use a valid token to access `/protected/user` or `/protected/admin`.
    - Use the fake token to demonstrate how the vulnerability allows unauthorized access.

3. **Endpoints**:
    - `/protected/user`: Requires `USER` or `ADMIN` role.
    - `/protected/admin`: Requires `ADMIN` role.

## Important Notes
- This project is for educational purposes only. Do not use it in production environments.
- Ensure the Java runtime you deploy includes the security patch for CVE-2022-21449; the fake token is only accepted on an unpatched JDK.
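
Patching the JDK is the fix, but a verifier can also refuse the `r=0`/`s=0` shape (and any out-of-range `r` or `s`) before the signature ever reaches the platform ECDSA implementation. The following checker is an added example written for this README, not code from the project's `JwtUtils`: it parses a compact ES256 JWS, splits the 64-byte JOSE `r || s` signature, and rejects values outside `[1, n-1]` for P-256. The two sample tokens at the bottom are constructed here for illustration (a zeroed signature in the CVE shape and an arbitrary well-formed one); neither is cryptographically valid, and a token that passes this pre-check must still be verified against the public key.

```python
"""
Pre-verification range check for ES256 (ECDSA over P-256) JWT signatures.

Rejects tokens whose signature has r = 0 or s = 0 (the CVE-2022-21449 shape)
or any r, s outside [1, n-1] before the token is handed to the platform's
ECDSA verifier. Defence in depth only; the JDK still has to be patched.
"""
import base64
import json
from typing import Tuple

# Order n of the NIST P-256 (secp256r1) group used by ES256.
P256_ORDER = int("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)
COORD_LEN = 32  # byte length of r and of s in the JOSE (r || s) encoding for P-256


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in JWS compact serialization."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def b64url_encode(raw: bytes) -> str:
    """Encode bytes as unpadded base64url."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def split_jose_signature(sig: bytes) -> Tuple[int, int]:
    """Split the fixed-width JOSE signature into the integers (r, s)."""
    if len(sig) != 2 * COORD_LEN:
        raise ValueError(f"ES256 signature must be {2 * COORD_LEN} bytes, got {len(sig)}")
    r = int.from_bytes(sig[:COORD_LEN], "big")
    s = int.from_bytes(sig[COORD_LEN:], "big")
    return r, s


def check_es256_token(token: str) -> Tuple[bool, str]:
    """
    Return (ok, reason). ok=False means reject the token without calling the
    ECDSA verifier at all. ok=True only means r and s are in range; the
    signature still has to be verified cryptographically afterwards.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return False, "not a compact JWS (expected 3 segments)"
    try:
        header = json.loads(b64url_decode(parts[0]))
        sig = b64url_decode(parts[2])
    except ValueError as exc:  # binascii.Error and JSONDecodeError are ValueErrors
        return False, f"malformed token: {exc}"
    if header.get("alg") != "ES256":
        return False, f"alg {header.get('alg')!r} is not ES256"
    try:
        r, s = split_jose_signature(sig)
    except ValueError as exc:
        return False, str(exc)
    if not 1 <= r < P256_ORDER:
        return False, "r out of range [1, n-1]"
    if not 1 <= s < P256_ORDER:
        return False, "s out of range [1, n-1]"
    return True, "r and s in range; proceed to ECDSA verification"


# --- Constructed sample tokens (illustrative, not output of the project) ---
HEADER = b64url_encode(json.dumps({"alg": "ES256", "typ": "JWT"}, separators=(",", ":")).encode())
PAYLOAD = b64url_encode(json.dumps({"sub": "bob", "roles": ["ADMIN"]}, separators=(",", ":")).encode())

# The CVE-2022-21449 shape: r = 0 and s = 0, encoded as 64 zero bytes.
ZEROED_TOKEN = f"{HEADER}.{PAYLOAD}.{b64url_encode(bytes(64))}"

# Well-formed but not cryptographically valid: arbitrary nonzero r and s.
WELL_FORMED_TOKEN = f"{HEADER}.{PAYLOAD}.{b64url_encode(bytes(range(1, 65)))}"

if __name__ == "__main__":
    for name, tok in (("zeroed", ZEROED_TOKEN), ("well-formed", WELL_FORMED_TOKEN)):
        print(f"{name}: {check_es256_token(tok)}")
```

Running the block prints a rejection for the zeroed token and a pass for the well-formed one. The same range check is what patched Java and most JOSE libraries now perform internally; placing it in front of the verifier in a filter such as the project's `JwtUtils` means a malformed signature is logged and dropped rather than reaching the JCA at all.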

## References
- [CVE-2022-21449 Details](https://nvd.nist.gov/vuln/detail/CVE-2022-21449)
- [Java Security Updates](https://www.oracle.com/security-alerts/)

## License
This project is licensed under the MIT License.