GitHub Advisory DatabaseGHSA-8JJF-W7J6-323CSamlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
44.4%
Versions of samlify prior to 2.4.0-rc5 are vulnerable to Authentication Bypass. The package fails to prevent XML Signature Wrapping, allowing tokens to be reused with different usernames. A remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider.
Recommendation
Upgrade to version 2.4.0-rc5 or later
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| samlify_project | samlify | * | cpe:2.3:a:samlify_project:samlify:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-8jjf-w7j6-323c
github.com/tngan/samlify/commit/d382bbc7c6b8ea889839ae1f178730c25b09eb42
github.com/tngan/samlify/compare/v2.4.0-rc4...v2.4.0-rc5
github.com/tngan/samlify/releases/tag/v2.4.0-rc5
hackerone.com/reports/356284
nvd.nist.gov/vuln/detail/CVE-2017-1000452
www.whitehats.nl/blog/xml-signature-wrapping-samlify
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
44.4%