Kelby Ludwig

Name of the Vulnerable Software and Affected Versions: Duo Network Gateway versions 1.2.9 and earlier Description: The issue may allow an attacker to manipulate SAML data without invalidating its cryptographic signature, potentially bypassing authentication to SAML service providers. This is due to incorrect utilization of XML DOM traversal and canonicalization APIs results. Recommendations: For Duo Network Gateway versions 1.2.9 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneLogin PythonSAML versions 2.3.0 and earlier **Description** The issue may allow an attacker to manipulate SAML data without invalidating its cryptographic signature, potentially bypassing authentication to SAML service providers. This is due to incorrect utilization of XML DOM traversal and canonicalization APIs. **Recommendations** For versions 2.3.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneLogin Ruby-SAML versions 1.6.0 and earlier **Description** The issue may allow an attacker to manipulate SAML data without invalidating its cryptographic signature, potentially bypassing authentication to SAML service providers. This is due to incorrect utilization of XML DOM traversal and canonicalization APIs. **Recommendations** For OneLogin Ruby-SAML versions 1.6.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** saml2-js versions prior to 1.12.4 saml2-js versions prior to 2.0.2 **Description** The issue arises from the incorrect utilization of XML DOM traversal and canonicalization APIs, allowing an attacker to manipulate SAML data without invalidating its cryptographic signature. This could potentially bypass authentication to SAML service providers. Security Assertion Markup Language (SAML) is used for security assertions regarding authentication and permissions, commonly in single sign-on (SSO) services. Some XML DOM traversal and canonicalization APIs handle comments within XML nodes inconsistently, leading to incorrect parsing of inner text in XML nodes. As a result, any inner text after a comment is lost before the SAML message is cryptographically signed, and thus has no impact on the signature. A remote attacker can modify SAML content without invalidating the signature, potentially allowing them to bypass primary authentication. **Recommendations** If you use version 1.x, upgrade to version 1.12.4 or greater. If you use version 2.x, upgrade to version 2.0.2 or greater.

**Name of the Vulnerable Software and Affected Versions** OmniAuth OmniAuth-SAML versions 1.9.0 and earlier **Description** The issue arises from incorrect utilization of XML DOM traversal and canonicalization APIs, allowing an attacker to manipulate SAML data without invalidating its cryptographic signature. This could potentially enable the attacker to bypass authentication to SAML service providers. **Recommendations** For OmniAuth OmniAuth-SAML versions 1.9.0 and earlier, consider updating to a version that correctly handles XML DOM traversal and canonicalization APIs to prevent SAML data manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shibboleth XMLTooling-C versions prior to 1.6.4 Shibboleth Service Provider versions prior to 2.6.1.4 on Windows **Description** The issue is related to the mishandling of digital signatures of user data, allowing remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. This is due to an incomplete fix for a previous issue. **Recommendations** For Shibboleth XMLTooling-C versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue. For Shibboleth Service Provider versions prior to 2.6.1.4 on Windows, update to version 2.6.1.4 or later to resolve the issue.