exploitDog

GHSA-8jjf-w7j6-323c

Published: 04 Jan 2018
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames

Versions of samlify prior to 2.4.0-rc5 are vulnerable to Authentication Bypass. The package fails to prevent XML Signature Wrapping, allowing tokens to be reused with different usernames. A remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider.

Recommendation

Upgrade to version 2.4.0-rc5 or later

Packages

Name: samlify (npm)
Affected versions: < 2.4.0-rc5
Fixed version: 2.4.0-rc5

EPSS

Percentile: 34%
0.00136
Low

CVSS3

7.5 High

Weaknesses

CWE-347
CWE-91

Related vulnerabilities

CVSS3: 7.5
nvd
about 8 years ago

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.

EPSS

Percentile: 34%
0.00136
Low

CVSS3

7.5 High

Weaknesses

CWE-347
CWE-91