Lucene search
PRIOn knowledge basePRION:CVE-2022-39300HistoryOct 13, 2022 - 10:15 p.m.
Authentication flaw
2022-10-1322:15:00
PRIOn knowledge base
www.prio-n.com
3
authentication flaw
remote attacker
bypass saml
idp signed xml
unauthenticated attack
upgrade required
workaround
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround.
| CPE | Name | Operator | Version |
|---|---|---|---|
| node_saml | eq | 4.0.0 beta1 | |
| node_saml | eq | 4.0.0 beta2 | |
| node_saml | eq | 4.0.0 beta0 | |
| node_saml | eq | 4.0.0 beta3 | |
| node_saml | eq | 4.0.0 beta4 | |
| node_saml | lt | 4.0.0 |
Related
github
github
Signature bypass via multiple root elements
2022-10-12 22:05:44
osv
osv
Signature bypass via multiple root elements
2022-10-12 22:05:44
CVE-2022-39300
2022-10-13 22:15:10
nvd
nvd
CVE-2022-39300
2022-10-13 22:15:10
cve
cve
CVE-2022-39300
2022-10-13 22:15:10
veracode
veracode
Improper Verification Of Cryptographic Signature
2022-10-14 13:06:52
cvelist
cvelist
CVE-2022-39300 Signature bypass via multiple root elements in node-SAML
2022-10-13 00:00:00