Authentication Bypass

2024-08-0708:24:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

authentication bypass

vulnerability

configuration

xmlsec1

saml

library

attacker

signature verification

public key

saml token.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

Low

JSON

github.com/RobotsAndPencils/go-saml is vulnerable to an Authentication Bypass. The vulnerability is due to improper configuration of the xmlsec1 tool in the go-saml library, which fails to restrict the origin of the public key used for signature verification. It allows an attacker to sign SAML assertions themselves and provide the required public key directly embedded in the SAML token.