Overview
Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Description
CWE-287: Improper Authentication Security Assertion Markup Language (SAML) is an XML-based markup language for security assertions regarding authentication and permissions, most commonly used for single sign-on (SSO) services. |
Impact
By modifying SAML content without invalidating the cryptographic signature, a remote, unauthenticated attacker may be able to bypass primary authentication for an affected SAML service provider. |
Solution
Apply updates |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 6.3 | AV:N/AC:M/Au:S/C:C/I:N/A:N |
Temporal | 4.9 | E:POC/RL:OF/RC:C |
Environmental | 4.9 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Kelby Ludwig of Duo Security for reporting this vulnerability.
This document was written by Garret Wassermann.
Other Information
CVE IDs: | CVE-2017-11427, CVE-2017-11428, CVE-2017-11429, CVE-2017-11430, CVE-2018-0489, CVE-2018-5387 |
Date Public: | 2018-02-27 |
Date First Published: | 2018-02-27 |
Date Last Updated: | 2018-06-05 18:02 UTC |
Document Revision: | 121 |