Описание
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
Overview
This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response.
Am I Affected?
You are affected by this SAML Attribute Smuggling vulnerability if you are using passport-wsfed-saml2 version 4.6.3 or below, specifically under the following conditions:
- The service provider is using
passport-wsfed-saml2, - A valid SAML Response signed by the Identity Provider can be obtained
Fix
Upgrade to v4.6.4 or greater.
Пакеты
passport-wsfed-saml2
>= 3.0.5, <= 4.6.3
4.6.4
Связанные уязвимости
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.