Описание
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
Отчет
This vulnerability is of high severity due to its potential to facilitate privilege escalation and user impersonation in systems using SAML for authentication. The core issue stems from improper validation logic in Keycloak's signature validation method, which relies on the position of signatures rather than explicitly checking the referenced elements. By manipulating the XML structure, an attacker can bypass signature validation and inject an unsigned assertion while retaining a valid signed one. This allows unauthorized access to high-privileged accounts, leading to significant security risks in SAML-based identity providers and service providers.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Build of Keycloak | org.keycloak/keycloak-saml-core-public | Affected | ||
| Red Hat Single Sign-On 7 | org.keycloak/keycloak-saml-core-public | Affected | ||
| Red Hat Build of Keycloak | Fixed | RHSA-2024:6888 | 19.09.2024 | |
| Red Hat Build of Keycloak | org.keycloak/keycloak-saml-core | Fixed | RHSA-2024:6890 | 19.09.2024 |
| Red Hat build of Keycloak 22 | rhbk/keycloak-operator-bundle | Fixed | RHSA-2024:6887 | 19.09.2024 |
| Red Hat build of Keycloak 22 | rhbk/keycloak-rhel9 | Fixed | RHSA-2024:6887 | 19.09.2024 |
| Red Hat build of Keycloak 22 | rhbk/keycloak-rhel9-operator | Fixed | RHSA-2024:6887 | 19.09.2024 |
| Red Hat build of Keycloak 24 | rhbk/keycloak-operator-bundle | Fixed | RHSA-2024:6889 | 19.09.2024 |
| Red Hat build of Keycloak 24 | rhbk/keycloak-rhel9 | Fixed | RHSA-2024:6889 | 19.09.2024 |
| Red Hat build of Keycloak 24 | rhbk/keycloak-rhel9-operator | Fixed | RHSA-2024:6889 | 19.09.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.7 High
CVSS3
Связанные уязвимости
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
A flaw exists in the SAML signature validation method within the Keycl ...
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
Уязвимость класса XMLSignatureUtil программного средства для управления идентификацией и доступом Keycloak, позволяющая нарушителю обойти существующие ограничения безопасности и повысить свои привилегии
EPSS
7.7 High
CVSS3