CVE-2022-23505

2022-12-1308:15:09

CWE-287

[email protected]

web.nvd.nist.gov

cve-2022-23505

passport-wsfed-saml2

authentication bypass

wsfed

saml2

remote attacker

idp

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed assertion. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. This issue is patched in version 4.6.3. Use of SAML2 authentication instead of WSFed is a workaround.

Affected configurations

Vulners

NVD

Node

auth0passport-wsfed-saml2Range<4.6.3

VendorProductVersionCPE
auth0passport\-wsfed\-saml2*cpe:2.3:a:auth0:passport\-wsfed\-saml2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
auth0	passport\-wsfed\-saml2	*	cpe:2.3:a:auth0:passport\-wsfed\-saml2::::::::

CNA Affected

[
  {
    "vendor": "auth0",
    "product": "passport-wsfed-saml2",
    "versions": [
      {
        "version": "< 4.6.3",
        "status": "affected"
      }
    ]
  }
]