SAML authentication bypass via Incorrect XPath selector
Critical severity
GitHub Reviewed
Published
Sep 10, 2024
in
SAML-Toolkits/ruby-saml
•
Updated Sep 16, 2024
Package
Affected versions
< 1.12.3
>= 1.13.0, < 1.17.0
Patched versions
1.12.3
1.17.0
Description
Published by the National Vulnerability Database
Sep 10, 2024
Published to the GitHub Advisory Database
Sep 10, 2024
Reviewed
Sep 10, 2024
Last updated
Sep 16, 2024
Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system.
This vulnerability was reported by ahacker1 of SecureSAML (ahacker1@securesaml.com)
References