Описание
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping
Overview
This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP.
Am I Affected?
You are affected by this SAML Signature Wrapping vulnerability if you are using passport-wsfed-saml2 version 4.6.3 or below, specifically under the following conditions:
- The service provider is using
passport-wsfed-saml2, - A valid SAML document signed by the Identity Provider can be obtained.
Fix
Upgrade to v4.6.4 or greater.
Пакеты
passport-wsfed-saml2
>= 3.0.5, <= 4.6.3
4.6.4
Связанные уязвимости
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.