## https://sploitus.com/exploit?id=E2A2C5B6-244B-56BC-9F56-4FE1179BDDB6
# Demo Project: CVE-2022-21449 Vulnerability
This project demonstrates CVE-2022-21449 ("Psychic Signatures"), a flaw in the ECDSA signature verification of Java 15 through 18 before the April 2022 Critical Patch Update (Java 11 and earlier used the native C implementation and are not affected). The verifier never checked that the signature values `r` and `s` lie in the range `[1, n-1]`, so an all-zero signature (`r=0` and `s=0`) verifies against any public key for any message. The project uses real and forged JWT tokens with ES256 (EC P-256) signatures to showcase the issue on a Java 17 build without the security patch.
## Features
- **Real JWT Token**: A valid JWT token signed with an EC private key.
- **Fake JWT Token**: A JWT token with a zeroed signature (`r=0`, `s=0`).
- **Validation**: Demonstrates how the vulnerability allows the fake token to pass validation.
## Prerequisites
- **Java 17.0.2 or earlier**, i.e. a build without the fix for CVE-2022-21449 (the fix shipped in 17.0.3 with the April 2022 Critical Patch Update). On a patched JDK the fake token is rejected and the demo shows nothing.
- **Maven** for building the project.
## Project Structure
- `JwtGenerator`: Generates real and fake JWT tokens.
- `JwtUtils`: Validates JWT tokens using a public EC key.
- `SecurityConfig`: Configures Spring Security to demonstrate token-based authentication.
- `ProtectedController`: Provides endpoints to test token-based access control.
## How to Use the `JwtGenerator` Console App
The `JwtGenerator` class is a standalone console application that generates and prints both valid and fake JWT tokens.
### Steps to Run
1. **Build the Project**:
```bash
mvn clean install
```
2. **Run the `JwtGenerator` Class**:
```bash
mvn exec:java -Dexec.mainClass="com.symphony_solutions.demo.util.JwtGenerator"
```
3. **Output**:
The application will print:
- A valid JWT token.
- A fake JWT token with a zeroed signature.
Example:
```
=== Valid JWT ===
eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhbGljZSIsInJvbGVzIjpbIkFETUlOIiwiVVNFUiJdLCJpYXQiOjE2NzAwMDAwMDAsImV4cCI6MTY3MDAzNjAwMH0.<signature>
=== Fake JWT with zero signature ===
eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib2IiLCJyb2xlcyI6WyJBRE1JTiIsIlVTRVIiXSwiaWF0IjoxNjcwMDAwMDAwLCJleHAiOjE2NzAwMzYwMDB9.<zeroed_signature>
```
4. **Use the Tokens**:
- Copy the tokens and use them to test the vulnerability in the application or other tools.
## Demonstrating the Vulnerability
1. **Start the Application**:
```bash
mvn spring-boot:run
```
2. **Access Protected Endpoints**:
- Use a valid token to access `/protected/user` or `/protected/admin`.
- Use the fake token (its payload claims `sub=bob` with the `ADMIN` and `USER` roles, yet it was never signed with the private key) to show that an unpatched JVM accepts it and grants access to both endpoints; on a patched JVM the same request is rejected.
3. **Endpoints**:
- `/protected/user`: Requires `USER` or `ADMIN` role.
- `/protected/admin`: Requires `ADMIN` role.
## Important Notes
- This project is for educational purposes only. Do not use it in production environments.
- Ensure your Java version carries the fix for CVE-2022-21449 (17.0.3 or later for Java 17; the April 2022 update for the other affected releases 15, 16 and 18). Signature verification should also never be trusted to a library that does not reject `r` or `s` outside `[1, n-1]`.
## References
- [CVE-2022-21449 Details](https://nvd.nist.gov/vuln/detail/CVE-2022-21449)
- [Java Security Updates](https://www.oracle.com/security-alerts/)
## License
This project is licensed under the MIT License.