Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Overview
Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Description

Impact
By modifying SAML content without invalidating the cryptographic signature, a remote, unauthenticated attacker may be able to bypass primary authentication for an affected SAML service provider.

Read more at – Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Tags: , ,