CVE-2017-12974 in JOSE+JWT

Summary

by MITRE

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.


Analysis

by VulDB Data Team • 01/11/2026

CVE-2017-12974 affects Nimbus JOSE+JWT version 4.35 and earlier. It is a critical flaw in the library's elliptic curve cryptography implementation that undermines the security assurances normally provided by elliptic curve digital signature algorithms. The root cause is insufficient validation of elliptic curve public key coordinates during key construction, which opens the door to an invalid curve attack. Specifically, the library accepts public x and y coordinates without verifying that the point actually lies on the specified elliptic curve, a fundamental requirement for the security of the scheme. When the Java Cryptography Extension (JCE) provider itself does not validate the curve, the flaw becomes exploitable and an attacker can steer the cryptographic operations in ways that compromise the integrity of the system.

The defect sits in the ECKey construction logic, which does not mathematically validate the supplied curve point coordinates. The issue is catalogued as CWE-331, described as insufficient entropy or improper validation of cryptographic parameters, and it is this missing validation that enables the invalid curve attack. The attack exploits the mathematics of elliptic curves by presenting points that appear valid but in fact lie on a different curve with weaker security properties; an attacker who leverages those weaker properties can potentially recover private keys or manipulate cryptographic operations. The vulnerability specifically affects the ECDH (Elliptic Curve Diffie-Hellman) and ECDSA (Elliptic Curve Digital Signature Algorithm) implementations in the library, which makes it particularly dangerous for applications that rely on JWT (JSON Web Tokens) for authentication and authorization.
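As an added example, not taken from Nimbus JOSE+JWT or from VulDB, the following Python shows the on-curve check that the library lacked before 4.36: the base64url x and y coordinates of a P-256 JWK are decoded, range-checked and tested against the curve equation before any key object is built. The helper names and the sample keys are constructed for illustration.

```python
# Added example (not Nimbus JOSE+JWT code): validate that the "x"/"y"
# coordinates of a P-256 JWK lie on the curve before building a key object.
import base64

# NIST P-256 (secp256r1) domain parameters as integers.
P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_A = P256_P - 3
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
P256_GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def _b64url_to_int(s: str) -> int:
    """Decode an unpadded base64url JWK coordinate into an integer."""
    s += "=" * (-len(s) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(s), "big")


def _int_to_b64url(n: int) -> str:
    """Encode a 32-byte big-endian coordinate as unpadded base64url."""
    return base64.urlsafe_b64encode(n.to_bytes(32, "big")).decode().rstrip("=")


def is_on_p256(x: int, y: int) -> bool:
    """Public-key validation for an affine point: both coordinates in [0, p)
    and y^2 == x^3 + a*x + b (mod p). The point at infinity has no affine
    encoding, so it cannot be smuggled in through a JWK."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x + P256_A * x + P256_B)) % P256_P == 0


def validate_ec_jwk(jwk: dict) -> bool:
    """Return True only for a P-256 JWK whose point is on the curve.
    This is the check CVE-2017-12974 reports missing from ECKey construction."""
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-256":
        return False
    try:
        x = _b64url_to_int(jwk["x"])
        y = _b64url_to_int(jwk["y"])
    except (KeyError, ValueError, TypeError):
        return False
    return is_on_p256(x, y)


# Constructed sample keys: the curve's base point (valid) and the same x with
# y decreased by one, which is not a point on P-256 (must be rejected).
GOOD_JWK = {"kty": "EC", "crv": "P-256", "x": _int_to_b64url(P256_GX), "y": _int_to_b64url(P256_GY)}
BAD_JWK = {"kty": "EC", "crv": "P-256", "x": _int_to_b64url(P256_GX), "y": _int_to_b64url(P256_GY - 1)}
```

A library that performs this check rejects BAD_JWK before any ECDH or ECDSA operation runs, regardless of whether the JCE provider validates the point itself.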

The operational impact of CVE-2017-12974 goes beyond a cryptographic weakness: where JWT tokens are used for authentication and access control, it can lead to full system compromise. By manipulating the cryptographic operations, an attacker can gain unauthorized access to protected resources, with data breaches, privilege escalation and complete system compromise as possible outcomes. The vulnerability applies to environments whose underlying JCE provider does not implement curve validation, which is common in many production systems and cloud environments. Organizations running the affected library version may see unauthorized access to sensitive data, because the invalid curve attack can be used to forge signatures or decrypt communications that should remain protected. The attack is particularly concerning because it does not require access to the private key, so it bypasses traditional key management controls.

Mitigation of CVE-2017-12974 requires an immediate upgrade to Nimbus JOSE+JWT version 4.36 or later, which validates the curve during ECKey construction. Organizations should also confirm that their JCE providers perform adequate curve validation and consider adding further cryptographic validation layers in their applications. Remediation should include thorough testing of all JWT-based authentication systems to verify that the upgrade has resolved the issue and that no other cryptographic components remain susceptible to similar attacks. Security teams should monitor for exploitation attempts and deploy network-based detection for suspicious cryptographic operations that may indicate an attack. Under the ATT&CK framework the vulnerability falls under tactic TA0006 (Credential Access), covering techniques that obtain credentials through cryptographic manipulation, which makes it a significant concern for security operations centers; it also maps to technique T1552.001 (Unsecured Credentials), since it lets attackers compromise the cryptographic foundations that protect sensitive information. Organizations should conduct comprehensive security assessments of all systems using affected libraries and apply sound cryptographic hygiene to prevent similar weaknesses in other cryptographic implementations.

Reservation

08/20/2017

Disclosure

08/20/2017

Moderation

accepted

CPE

ready

EPSS

0.00141

KEV

no

Activities

very low
