Description
Describe the bug
The KC_RESTART cookie is an internal cookie used by Keycloak. It is used in the authentication flow to begin a new authentication flow if something happens and the flow needs to be restarted (https://github.com/keycloak/keycloak-community/pull/16/files/4c9b955990190344a3f1ed98c0a0a1dd62d1e8ec).
This cookie is classified as an internal cookie in the Keycloak code. The implementation for this cookie can be seen here -> https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
On line 184, it can be seen that this cookie's category is set as 'INTERNAL'.
Keycloak has a token manager, and this class specifies which algorithm should be used for each token category (https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/jose/jws/DefaultTokenManager.java#L192).
The issue is that, because the KC_RESTART token has the category 'INTERNAL', the token manager class (line 192) hardcodes HS256 as the algorithm that is always used for this type of token. HS256 is a weak algorithm.
Version
17.0.1
Expected behavior
Either the algorithm should be changed to a secure one or there should be an option to change the algorithm.
Actual behavior
The token stored in the KC_RESTART cookie uses the weak algorithm HS256.
How to Reproduce?
Decode the JWT stored in the KC_RESTART cookie using a Burp Suite Extender extension such as JSON Web Tokens and observe that the 'alg' header value is 'HS256'.
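The same check can be done without Burp by reading the unverified JOSE header of the cookie value. This is an added example, not code from the Keycloak project or from the reporter; the cookie value it inspects is a constructed sample with a dummy signature, since only the header's 'alg' field matters here.

```python
import base64
import json
from http.cookies import SimpleCookie

# HMAC (shared-secret) JWS algorithms, as opposed to asymmetric ones such as RS256/ES256.
HMAC_ALGS = {"HS256", "HS384", "HS512"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def jwt_header(token: str) -> dict:
    """Return the decoded JOSE header of a compact JWS without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(_b64url_decode(parts[0]))


def check_restart_cookie(cookie_header: str) -> dict:
    """Find KC_RESTART in a raw Cookie header and report which 'alg' signs it."""
    jar = SimpleCookie()
    jar.load(cookie_header)  # parses "name=value; name2=value2"
    if "KC_RESTART" not in jar:
        raise KeyError("KC_RESTART cookie not present")
    alg = jwt_header(jar["KC_RESTART"].value).get("alg")
    return {"alg": alg, "hmac_signed": alg in HMAC_ALGS}


def _make_sample_token(alg: str) -> str:
    # Constructed sample for offline use: real header/payload encoding, dummy signature "sig".
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc({"cid": "example-client"}), "c2ln"])


# Constructed Cookie header resembling what a browser sends during a Keycloak login.
SAMPLE_COOKIE_HEADER = "AUTH_SESSION_ID=abc123; KC_RESTART=" + _make_sample_token("HS256")

if __name__ == "__main__":
    print(check_restart_cookie(SAMPLE_COOKIE_HEADER))
```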
Anything else?
No response