CVE-2022-23610

Name of the Vulnerable Software and Affected Versions wire-server versions prior to 2022-01-27

Description The issue allows an attacker to bypass SAML SSO and impersonate any Wire user with SAML credentials by crafting DSA Signatures. In teams with SAML but without SCIM, it is possible to create new accounts with fake SAML credentials. An upstream library for parsing, rendering, signing, and validating SAML XML data was accepting public keys as trusted that were provided by the attacker in the signature. To exploit this, the attacker needs to know the SSO login code, the SAML EntityID, and the SAML NameID of the user.

Recommendations For wire-server versions prior to 2022-01-27, update to version 2022-01-27 to resolve the issue. On premise instances of wire-server need to be updated to 2022-01-27. As a temporary workaround, consider restricting access to SAML SSO until the update is applied.