CVE-2022-39300 – Signature bypass via multiple root elements in node-SAML
https://notcve.org/view.php?id=CVE-2022-39300
node-saml is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using node-saml (and therefore passport-saml, which builds on it). A successful attack requires that the attacker possess an arbitrary IdP-signed XML element. Depending on the IdP used, fully unauthenticated attacks (i.e. without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. • https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2022-39299 – Signature bypass via multiple root elements in Passport-SAML
https://notcve.org/view.php?id=CVE-2022-39299
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker possess an arbitrary IdP-signed XML element. Depending on the IdP used, fully unauthenticated attacks (i.e. without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. • http://packetstormsecurity.com/files/169826/Node-saml-Root-Element-Signature-Bypass.html https://github.com/node-saml/passport-saml/commit/8b7e3f5a91c8e5ac7e890a0c90bc7491ce33155e https://github.com/node-saml/passport-saml/security/advisories/GHSA-m974-647v-whv7 • CWE-347: Improper Verification of Cryptographic Signature •
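The two advisories above (CVE-2022-39300 for node-saml and CVE-2022-39299 for passport-saml) describe the same mechanism: when the parser accepts a document with more than one root element, the code that locates and verifies the signature and the code that extracts the assertion can land on different elements, so a genuinely signed element can vouch for an unsigned one placed beside it. The JavaScript below is an added illustration written for this page, not code from node-saml or passport-saml. The scanner, the sample assertions, the placeholder signature and the function names (topLevelElements, lenientSplit, assertSingleRoot) are all constructed here; lenientSplit() is a model of the described split, not the libraries' actual code path.

```javascript
// Added illustration, not node-saml or passport-saml code. Constructed inputs:
// the <ds:Signature> content is a placeholder, no real signature is verified here.

// Records the top-level (depth 0) elements of an XML string. Handles the XML
// declaration, comments, CDATA and self-closing tags, which is all the inputs below
// need; it is not a general XML parser (an attribute value containing '>' would confuse it).
function topLevelElements(xml) {
  const roots = [];
  let depth = 0;
  let i = 0;
  const skipPast = (marker) => {
    const j = xml.indexOf(marker, i);
    if (j < 0) throw new Error(`unterminated construct at offset ${i}`);
    i = j + marker.length;
  };
  while (i < xml.length) {
    if (xml.startsWith('<!--', i)) { skipPast('-->'); continue; }
    if (xml.startsWith('<![CDATA[', i)) { skipPast(']]>'); continue; }
    if (xml.startsWith('<?', i)) { skipPast('?>'); continue; }
    if (xml[i] !== '<') { i += 1; continue; }          // character data
    const end = xml.indexOf('>', i);
    if (end < 0) throw new Error(`unterminated tag at offset ${i}`);
    const tag = xml.slice(i, end + 1);
    if (tag.startsWith('</')) {                          // closing tag
      depth -= 1;
      if (depth < 0) throw new Error('closing tag without opener');
      if (depth === 0) roots[roots.length - 1].end = end + 1;
    } else if (tag.endsWith('/>')) {                     // empty element
      if (depth === 0) roots.push({ start: i, end: end + 1 });
    } else {                                             // opening tag
      if (depth === 0) roots.push({ start: i, end: -1 });
      depth += 1;
    }
    i = end + 1;
  }
  if (depth !== 0) throw new Error('unbalanced elements');
  return roots.map((r) => xml.slice(r.start, r.end));
}

// Models the split the advisories describe: signature verification looks for the
// element that carries <ds:Signature>, while assertion extraction takes the first
// root. With one root these coincide; with two, the attacker chooses what is consumed.
function lenientSplit(xml) {
  const roots = topLevelElements(xml);
  const verified = roots.find((r) => r.includes('<ds:Signature')) || null;
  const consumed = roots[0] || null;
  return { verified, consumed, mismatch: verified !== consumed };
}

// The guard: refuse anything but exactly one root element before touching signatures.
function assertSingleRoot(xml) {
  const roots = topLevelElements(xml);
  if (roots.length !== 1) {
    throw new Error(`expected exactly one root element, found ${roots.length}`);
  }
  return roots[0];
}

const SAML_NS = 'urn:oasis:names:tc:SAML:2.0:assertion';
const DS_NS = 'http://www.w3.org/2000/09/xmldsig#';

// Constructed: an IdP-signed assertion for alice (placeholder signature) ...
const SIGNED_ELEMENT =
  `<saml:Assertion xmlns:saml="${SAML_NS}" ID="_signed">` +
  '<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>' +
  `<ds:Signature xmlns:ds="${DS_NS}">PLACEHOLDER</ds:Signature>` +
  '</saml:Assertion>';
// ... and an unsigned assertion the attacker wants the SP to act on.
const FORGED_ELEMENT =
  `<saml:Assertion xmlns:saml="${SAML_NS}" ID="_forged">` +
  '<saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>' +
  '</saml:Assertion>';

const HONEST_DOC = '<?xml version="1.0"?>' + SIGNED_ELEMENT;
// Two roots: the forged one first, the genuinely signed one second.
const ATTACK_DOC = '<?xml version="1.0"?><!-- two roots -->' + FORGED_ELEMENT + SIGNED_ELEMENT;

if (typeof require !== 'undefined' && require.main === module) {
  console.log('honest mismatch:', lenientSplit(HONEST_DOC).mismatch); // false
  console.log('attack mismatch:', lenientSplit(ATTACK_DOC).mismatch); // true
  try { assertSingleRoot(ATTACK_DOC); } catch (e) { console.log('guard:', e.message); }
}
```

Run it with `node` and the attack document reports a mismatch: the element whose signature would be checked is the second root, the element whose NameID would be trusted is the first. The guard rejects the document before either step runs, which is the shape of fix the advisories call for; in a real SP the same check belongs immediately after parsing, ahead of any XPath or signature work.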
CVE-2021-39171 – Unlimited transforms allowed for signed nodes
https://notcve.org/view.php?id=CVE-2021-39171
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can specify transforms that consume significant system resources to process, resulting in reduced or denied service: an effective denial-of-service attack. This is resolved in version 3.1.0, which limits the number of allowable transforms to 2. • https://github.com/node-saml/passport-saml/pull/595 https://github.com/node-saml/passport-saml/security/advisories/GHSA-5379-r78w-42h2 • CWE-400: Uncontrolled Resource Consumption •
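An added example, not passport-saml's or xml-crypto's code, of the kind of pre-check the 3.1.0 fix describes: count the `<ds:Transform>` entries of each `<ds:Reference>` and refuse the document before any transform is executed. The SignedInfo fragments, the names MAX_TRANSFORMS, EXPECTED_TRANSFORMS, checkTransforms and buildSignedInfo, and the allowlist of the two transforms a SAML signature normally carries are assumptions made here; only the ceiling of 2 comes from the advisory.

```javascript
// Added illustration, not passport-saml or xml-crypto code. Constructed SignedInfo
// fragments; no digest or signature is computed or checked here.
const MAX_TRANSFORMS = 2; // the ceiling the 3.1.0 fix adopted

// The two transforms a SAML Response/Assertion signature normally carries. Using them
// as an allowlist is an extra hardening step assumed here, not part of the page's fix.
const EXPECTED_TRANSFORMS = new Set([
  'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
  'http://www.w3.org/2001/10/xml-exc-c14n#',
]);

// Returns, for each <ds:Reference> in the fragment, the Algorithm of every
// <ds:Transform> it lists. Deliberately regex-based: this runs before any DOM or
// canonicalization work, so it costs nothing an attacker can inflate.
function transformsPerReference(signedInfoXml) {
  const refRe = /<ds:Reference\b[^>]*>([\s\S]*?)<\/ds:Reference>/g;
  const result = [];
  let ref;
  while ((ref = refRe.exec(signedInfoXml)) !== null) {
    const trRe = /<ds:Transform\b[^>]*\bAlgorithm="([^"]*)"/g;
    const algs = [];
    let tr;
    while ((tr = trRe.exec(ref[1])) !== null) algs.push(tr[1]);
    result.push(algs);
  }
  return result;
}

// Rejects before executing anything: too many transforms, or an unexpected algorithm.
function checkTransforms(signedInfoXml, { max = MAX_TRANSFORMS, allowed = EXPECTED_TRANSFORMS } = {}) {
  const perRef = transformsPerReference(signedInfoXml);
  if (perRef.length === 0) throw new Error('no ds:Reference in SignedInfo');
  perRef.forEach((algs, idx) => {
    if (algs.length > max) {
      throw new Error(`Reference ${idx}: ${algs.length} transforms exceed the limit of ${max}`);
    }
    for (const a of algs) {
      if (!allowed.has(a)) throw new Error(`Reference ${idx}: unexpected transform ${a}`);
    }
  });
  return perRef;
}

// Builds a constructed <ds:SignedInfo> with one Reference carrying the given transforms.
function buildSignedInfo(algorithms) {
  const transforms = algorithms.map((a) => `<ds:Transform Algorithm="${a}"/>`).join('');
  return (
    '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">' +
    '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>' +
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>' +
    '<ds:Reference URI="#_assertion">' +
    `<ds:Transforms>${transforms}</ds:Transforms>` +
    '<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>' +
    '<ds:DigestValue>PLACEHOLDER</ds:DigestValue>' +
    '</ds:Reference>' +
    '</ds:SignedInfo>'
  );
}

const BENIGN = buildSignedInfo([...EXPECTED_TRANSFORMS]);
// Hostile: a long chain of transforms whose only purpose is to burn CPU and memory.
const HOSTILE = buildSignedInfo(
  Array.from({ length: 500 }, () => 'http://www.w3.org/2001/10/xml-exc-c14n#'),
);

if (typeof require !== 'undefined' && require.main === module) {
  console.log('benign:', checkTransforms(BENIGN));
  try { checkTransforms(HOSTILE); } catch (e) { console.log('hostile:', e.message); }
}
```

The order matters: the count is taken from the raw SignedInfo text and the document is discarded on failure, so a payload with hundreds of transforms never reaches the code that would apply them. The allowlist is the stricter variant; if a deployment legitimately uses other transforms, widen `allowed` rather than dropping the check.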
CVE-2020-27846 – crewjam/saml: authentication bypass in saml authentication
https://notcve.org/view.php?id=CVE-2020-27846
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity and system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1907670 https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9 https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM https://mattermos • CWE-115: Misinterpretation of Input •
CVE-2017-11430 – Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
https://notcve.org/view.php?id=CVE-2017-11430
OmniAuth omniauth-saml 1.9.0 and earlier may incorrectly use the results of XML DOM traversal and canonicalization APIs in such a way that an attacker can manipulate the SAML data without invalidating the cryptographic signature, potentially allowing the attacker to bypass authentication to SAML service providers. • https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations https://www.kb.cert.org/vuls/id/475445 • CWE-287: Improper Authentication •