PT-2020-18476 · Vmware · Single Sign-On For Vmware Tanzu

Published

2020-10-31

·

Updated

2020-11-17

·

CVE-2020-5425

CVSS v3.1

7.9

High

Vector

AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Single Sign-On for Vmware Tanzu versions prior to 1.11.3
Single Sign-On for Vmware Tanzu versions 1.12.x prior to 1.12.4
Single Sign-On for Vmware Tanzu versions 1.13.x prior to 1.13.1
Description

The issue allows a user impersonation attack. If two users with the same username from different identity providers are logged in to the SSO operator dashboard at the same time, one of them can acquire the token of the other and then operate with that user's permissions. The issue is specifically relevant when the system zone uses a SAML identity provider and there are internal users whose usernames match those of users in the external SAML provider who have access to the SSO operator dashboard. Note that the attacker does not need a vulnerability in the identity providers themselves; the precondition is only a username shared across providers and a concurrent dashboard session. The vulnerability does not occur with LDAP because LDAP is integrated through chained authentication rather than as a separate origin.
Recommendations

For versions prior to 1.11.3, update to version 1.11.3 or later.
For versions 1.12.x prior to 1.12.4, update to version 1.12.4 or later.
For versions 1.13.x prior to 1.13.1, update to version 1.13.1 or later.

As a temporary workaround, consider restricting access to the SSO operator dashboard for users with duplicate usernames across different identity providers.
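The following Python script is an added illustration written for this page; it is not code from Single Sign-On for Vmware Tanzu, and the exact mechanism by which the product confused the two sessions is not published. It models the weakness class the description points at (two identities that collide when an application keys a session or token on the bare username instead of on the identity provider plus username), and it implements the audit a practitioner would run before applying the workaround: listing usernames that exist in more than one identity provider. The session records, origin names ("uaa" for the internal store, "saml" for the external provider) and token strings are constructed sample data.

```python
from typing import Dict, Iterable, List, Optional

# Constructed sample data: two dashboard users named "admin" are logged in at
# the same time, one from the internal user store and one from a SAML provider.
# Origin names and token values are assumptions made for this example.
SESSIONS: List[Dict[str, str]] = [
    {"origin": "uaa",  "username": "admin", "token": "tok-internal-admin"},
    {"origin": "saml", "username": "admin", "token": "tok-saml-admin"},
    {"origin": "saml", "username": "alice", "token": "tok-saml-alice"},
]


def cache_by_username(sessions: Iterable[Dict[str, str]]) -> Dict[str, str]:
    """Weak model: index issued tokens by username only.

    Two concurrently logged-in users with the same username from different
    identity providers share one cache slot, so a lookup for the second user
    returns the first user's token.
    """
    cache: Dict[str, str] = {}
    for s in sessions:
        # setdefault keeps whichever session was stored first
        cache.setdefault(s["username"], s["token"])
    return cache


def cache_by_origin_and_username(sessions: Iterable[Dict[str, str]]) -> Dict[tuple, str]:
    """Hardened model: the identity is (origin, username), never username alone."""
    cache: Dict[tuple, str] = {}
    for s in sessions:
        cache[(s["origin"], s["username"])] = s["token"]
    return cache


def resolve_weak(cache: Dict[str, str], origin: str, username: str) -> Optional[str]:
    # origin is accepted but ignored, which is the defect being modelled
    return cache.get(username)


def resolve_hardened(cache: Dict[tuple, str], origin: str, username: str) -> Optional[str]:
    return cache.get((origin, username))


def duplicate_usernames(users_by_origin: Dict[str, Iterable[str]]) -> Dict[str, List[str]]:
    """Audit helper for the workaround: usernames present in more than one
    identity provider, mapped to the sorted list of providers they appear in."""
    seen: Dict[str, set] = {}
    for origin, names in users_by_origin.items():
        for name in names:
            seen.setdefault(name, set()).add(origin)
    return {name: sorted(origins) for name, origins in seen.items() if len(origins) > 1}


if __name__ == "__main__":
    weak = cache_by_username(SESSIONS)
    hardened = cache_by_origin_and_username(SESSIONS)
    print("weak     saml/admin ->", resolve_weak(weak, "saml", "admin"))
    print("hardened saml/admin ->", resolve_hardened(hardened, "saml", "admin"))
    # constructed directory listings per identity provider
    print("duplicates:", duplicate_usernames({"uaa": ["admin", "bob"], "saml": ["admin", "alice"]}))
```

In the weak model the SAML "admin" is handed the internal admin's token purely because the cache key discards the origin; the hardened model keeps the two sessions apart. The `duplicate_usernames` output is the set of accounts to remove from the SSO operator dashboard (or rename) until the patched version is deployed.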

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2020-5425

Affected Products

Single Sign-On For Vmware Tanzu