PT-2024-13626 · Go-Saml · Go-Saml

Peter Stöckli · Published 2024-03-06 · Updated 2025-12-04 · CVE-2023-48703

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: go-saml, all known versions

Description: The go-saml library contains an authentication bypass issue caused by its internal use of the xmlsec1 command line tool to verify SAML assertions without restricting where the public key used for signature verification may come from. This allows an attacker to sign SAML assertions with a self-provided public key, such as an RSA key, embedded in the SAML token itself, so that the signature verifies against the attacker's key rather than the identity provider's.

Recommendations: For all known versions, consider forking the go-saml project and adding the command line argument --enabled-key-data with a value such as x509 or raw-x509-cert when calling the xmlsec1 binary in the verify function as a temporary workaround. This workaround must be carefully tested before use. Alternatively, projects should move to another SAML library or remove support for SAML from their projects.
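The following is an added example (not go-saml's own code) showing what the recommended workaround looks like when the xmlsec1 argument list is built in Go: the unrestricted invocation beside one that passes --enabled-key-data x509. It assumes the verify function passes the IdP certificate via --pubkey-cert-pem and an --id-attr:ID value for the Response element; both are assumptions about how the library calls xmlsec1, not facts taken from this advisory.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// verifyArgs builds the xmlsec1 command line for checking a SAML Response
// signature. With restrictKeyData=false xmlsec1 also accepts key material
// found inside the signed document's KeyInfo (for example an embedded RSA
// KeyValue), which is the behaviour behind CVE-2023-48703. With
// restrictKeyData=true, --enabled-key-data x509 limits the accepted key data
// types, so only the certificate supplied via --pubkey-cert-pem is used.
// The --id-attr:ID value below is an assumption about the library's call.
func verifyArgs(certPath, xmlPath string, restrictKeyData bool) []string {
	args := []string{
		"--verify",
		"--pubkey-cert-pem", certPath,
		"--id-attr:ID", "urn:oasis:names:tc:SAML:2.0:protocol:Response",
	}
	if restrictKeyData {
		args = append(args, "--enabled-key-data", "x509")
	}
	return append(args, xmlPath)
}

// keyDataRestricted reports whether an argument list carries the workaround
// flag; useful as a regression check in a fork's test suite.
func keyDataRestricted(args []string) bool {
	for i := 0; i+1 < len(args); i++ {
		if args[i] == "--enabled-key-data" && args[i+1] != "" {
			return true
		}
	}
	return false
}

// runXmlsec1 executes xmlsec1 with the given arguments. xmlsec1 exits non-zero
// when the signature does not verify, which surfaces here as an error.
func runXmlsec1(args []string) error {
	out, err := exec.Command("xmlsec1", args...).CombinedOutput()
	if err != nil {
		return fmt.Errorf("xmlsec1 failed: %v: %s", err, strings.TrimSpace(string(out)))
	}
	return nil
}

func main() {
	// Constructed paths for illustration only.
	fmt.Println("hardened:", strings.Join(verifyArgs("/etc/saml/idp.crt", "/tmp/response.xml", true), " "))
}
```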

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-48703
GHSA-6H53-Q94J-348W
GO-2024-3048

Affected Products

Go-Saml