CVE-2023-46943 – This vulnerability allows attackers to forge va... (How to Fix)

Q: What is the severity of CVE-2023-46943?

CVE-2023-46943 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows attackers to forge valid JSON Web Tokens (JWTs) due to a hardcoded weak HMAC secret ('secret') in @evershop/evershop. Attackers can use these forged tokens to gain unauthorized access to sensitive information and perform privileged actions within affected applications. Anyone using vulnerable versions of this NPM package is affected.

📋 TL;DR

This vulnerability allows attackers to forge valid JSON Web Tokens (JWTs) due to a hardcoded weak HMAC secret ('secret') in @evershop/evershop. Attackers can use these forged tokens to gain unauthorized access to sensitive information and perform privileged actions within affected applications. Anyone using vulnerable versions of this NPM package is affected.

💻 Affected Systems

Products:

@evershop/evershop

Versions: All versions before 1.0.0-rc.8

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Any application using the vulnerable package with JWT authentication is affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the application with administrative privileges, allowing data theft, account takeover, and full system control.

🟠

Likely Case

Unauthorized access to user accounts, sensitive data exposure, and privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper network segmentation and additional authentication layers, though the core vulnerability remains.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires knowledge of JWT structure but is straightforward once the weak secret is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.0-rc.8 and later

Vendor Advisory: https://advisory.checkmarx.net/advisory/CVE-2023-46943/

Restart Required: Yes

Instructions:

1. Update package.json to use @evershop/evershop version 1.0.0-rc.8 or higher. 2. Run 'npm update @evershop/evershop'. 3. Restart the application server. 4. Regenerate all existing JWTs with a new strong secret.

🔧 Temporary Workarounds

Manual HMAC Secret Replacement

all

Manually replace the hardcoded HMAC secret with a strong, unique value in the application configuration.

Edit configuration file to set a strong HMAC_SECRET environment variable
Restart application

🧯 If You Can't Patch

Implement additional authentication layers (MFA, IP whitelisting)
Monitor JWT usage patterns for anomalies and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check package.json for @evershop/evershop version. If version is below 1.0.0-rc.8, the system is vulnerable.

Check Version:

npm list @evershop/evershop

Verify Fix Applied:

Verify package.json shows @evershop/evershop version 1.0.0-rc.8 or higher and that HMAC secret is no longer 'secret'.

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts followed by successful login with unusual patterns
JWT validation errors or mismatched signatures

Network Indicators:

Unusual API request patterns from unexpected locations
Multiple authentication requests with similar JWT structures

SIEM Query:

source="application_logs" AND ("JWT" OR "token") AND ("invalid" OR "failed" OR "success") | stats count by src_ip, user

📊 Metadata

CVE ID: CVE-2023-46943

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-798

Published: January 13, 2024

Last Updated: November 21, 2024

🔗 References

https://advisory.checkmarx.net/advisory/CVE-2023-46943/
https://devhub.checkmarx.com/cve-details/CVE-2023-46943/ Third Party Advisory
https://advisory.checkmarx.net/advisory/CVE-2023-46943/
https://devhub.checkmarx.com/cve-details/CVE-2023-46943/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-46943, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

Evershop by Evershop

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Manual HMAC Secret Replacement

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities