PT-2022-24881 · Unknown+1 · Passport-Saml+1
Felix Wilhelm · Published 2022-10-12 · Updated 2023-03-01 · CVE-2022-39299
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Passport-SAML versions prior to 3.2.2
node-saml versions prior to 4.0.0-beta.5
Description
A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IdP-signed XML element. Depending on the IdP used, fully unauthenticated attacks might also be feasible if generation of a signed message can be triggered.
Recommendations
For Passport-SAML versions prior to 3.2.2, upgrade to version 3.2.2 or newer.
For node-saml versions prior to 4.0.0-beta.5, upgrade to version 4.0.0-beta.5 or newer.
As a temporary workaround, consider disabling SAML authentication until a patch is available.
Weakness Enumeration
Improper Verification of Cryptographic Signature
Affected Products
Passport-Saml
Node-Saml