| عنوان | Rowboat Labs Rowboat 0.1.67 Authentication Bypass Issues |
|---|
| الوصف |
A critical vulnerability has been identified in Rowboat (version v0.1.67 and prior) within the experimental 'tools_webhook' component. The issue is classified as a JWT "None" Algorithm Attack, which leads to a complete Authentication Bypass (CWE-347/CWE-287).
The vulnerability exists in the Flask-based 'app.py' located in 'apps/experimental/tools_webhook/'. The application's JWT decoding logic fails to enforce a specific cryptographic algorithm. Instead, it respects the "alg" header provided by the client. By supplying a JWT with the "alg" set to "none", an attacker can bypass the signature verification process entirely.
This allows a remote, unauthenticated attacker to craft and submit forged tokens via the 'X-Tools-JWE' header to the '/tool_call' endpoint. By manipulating the "sub" (subject) claim in the unsigned token, the attacker can impersonate any user or service account and execute unauthorized tool commands within the Rowboat environment.
|
|---|
| المصدر | ⚠️ https://github.com/Dave-gilmore-aus/security-advisories/blob/main/rowbat-advisory |
|---|
| المستخدم | davidgilmore (UID 96940) |
|---|
| ارسال | 31/03/2026 07:35 AM (21 أيام منذ) |
|---|
| الاعتدال | 19/04/2026 09:20 PM (20 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358269 [rowboatlabs rowboat حتى 0.1.67 tools_webhook app.py tool_call X-Tools-JWE توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|