PT-2023-25053 · Topdesk · Topdesk
Char49 · Published 2023-06-22 · Updated 2023-06-30 · CVE-2023-34923
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
TOPdesk version 12.10.12
Description
The issue allows attackers who hold credentials to authenticate with the Identity Provider to impersonate any TOPdesk user by manipulating the SAML Response. The cause is XML Signature Wrapping (XSW) in the SAML-based Single Sign-On feature.
Recommendations
For TOPdesk version 12.10.12, there is currently no information about a newer version that contains a fix for this vulnerability.
Exploit
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Topdesk