CVE-2023-34923

2023-06-2200:00:00

mitre

www.cve.org

cve-2023-34923

xml signature wrapping

saml-based single sign-on

topdesk

identity provider

impersonation

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.

References

char49.com/articles/topdesk-vulnerable-to-xml-signature-wrapping-attacks

my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=56a16ba1c2824e9a82655892ba75d3c0