Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )

Summary Passport-saml is used by IBM Cloud Pak for Data for SAML authentication. CVE-2022-39299. Vulnerability Details CVEID:CVE-2022-39299 DESCRIPTION: Node.js passport-saml module could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic...

Exploit for Improper Verification of Cryptographic Signature in Passport-Saml_Project Passport-Saml

Exploiting CVE-2022-39299 Signature bypass via multiple ro...

Improper Verification Of Cryptographic Signature

Passport-saml is vulnerable to improper cryptographic signature verification. A remote attacker is able to bypass SAML authentication via an arbitrary IDP signed XML element, due to improper checks for a valid top-level signature in saml.ts...

CVE-2022-39300

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...

CVE-2022-39300 Signature bypass via multiple root elements in node-SAML

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...

GHSA-5P8W-2MVW-38PV Signature bypass via multiple root elements

Impact A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks e.g without access to a valid user...

Signature bypass via multiple root elements

Impact A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks e.g without access to a valid user...

GHSA-M974-647V-WHV7 Signature bypass via multiple root elements

Impact A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks e.g without access to a valid user...

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

Authentication flaw

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVE-2022-39299

CVE-2022-39299 affects the passport-saml library (Node.js) and allows remote authentication bypass via improper verification of cryptographic signatures in SAML responses. A attacker must present an arbitrary IDP-signed XML element; depending on IdP, fully unauthenticated access may be feasible i...

Unlimited transforms allowed for signed nodes

Impact A malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. Patches This has been resolved in version 3.1.0. The resolution is to...

@3wks/gae-node-nestjs (>=0.1.0 <=6.0.0-rc.0), @aeroline_1025/hapi-corpsso (>=2.1.3 <=2.3.0) +72 more potentially affected by CVE-2021-39171 via passport-saml (>=0.12.0 <=2.2.0)

passport-saml NPM version =0.12.0, =0.1.0, =2.1.3, =1.0.0, =4.0.0, =0.0.0-nightly-2020972106, =3.4.2, =0.1.0, =1.0.0, =1.0.0, =2.4.0, =7.1.1, =6.2.2, =1.1.109, =1.3.78 and more Source cves: CVE-2021-39171 Source advisory: OSV:GHSA-5379-R78W-42H2...

GHSA-5379-R78W-42H2 Unlimited transforms allowed for signed nodes

Impact A malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. Patches This has been resolved in version 3.1.0. The resolution is to...

CVE-2021-39171

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an...

CVE-2021-39171

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an...

CVE-2021-39171

Passport-SAML is affected by a resource-exhaustion issue in transforms prior to version 3.1.0, where a malicious SAML payload can cause high CPU/memory usage and deny service. The root cause is unrestricted transforms on signed nodes, which could lead to denial-of-service under crafted loads. The...

CVE-2021-39171 Unlimited transforms allowed for signed nodes

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an...