omniauth-saml authentication bypass via incorrect XML canonicalization and DOM traversal
Published: February 27, 2018
SECURITY IDENTIFIERS
- CVE: CVE-2017-11430 (NVD)
- GHSA: GHSA-94hm-8q65-rmxm
- Vendor Advisory: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
GEM
SEVERITY
PATCHED VERSIONS
>= 1.10.0
DESCRIPTION
OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers.
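
A check for affected installs, added here as an example (it is not part of the advisory or of the omniauth-saml project): it reads a Gemfile.lock and reports any resolved omniauth-saml version outside the patched range >= 1.10.0. The sample lockfile, its other gem versions and the function names are constructed for illustration.

```ruby
require "rubygems" # Gem::Version; loaded by default, required here for clarity

GEM_NAME      = "omniauth-saml"
FIRST_PATCHED = Gem::Version.new("1.10.0") # from PATCHED VERSIONS in this advisory

# A resolved gem sits at exactly four spaces of indent inside a "specs:" block.
# Six-space lines are dependency constraints and two-space lines under
# DEPENDENCIES are Gemfile requirements; neither says what is installed.
SPEC_LINE = /\A {4}(?<name>[A-Za-z0-9_.-]+) \((?<version>[^)\s]+)\)\s*\z/

# Returns every resolved omniauth-saml version found in a Gemfile.lock body.
def resolved_versions(lockfile_text)
  versions = []
  in_specs = false
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A\S/)        # new top-level section (GEM, PLATFORMS, ...)
      in_specs = false
    elsif line == "  specs:"
      in_specs = true
    elsif in_specs && (m = SPEC_LINE.match(line)) && m[:name] == GEM_NAME
      # Drop a platform suffix such as "-x86_64-linux" before comparing.
      versions << Gem::Version.new(m[:version].split("-").first)
    end
  end
  versions
end

# Versions that do not satisfy ">= 1.10.0". Pre-releases such as 1.10.0.rc1
# sort below 1.10.0 and are therefore reported as well.
def unpatched_versions(lockfile_text)
  resolved_versions(lockfile_text).select { |v| v < FIRST_PATCHED }
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth (1.8.1)
      omniauth-saml (1.9.0)
        omniauth (~> 1.3)
        ruby-saml (~> 1.4)
      ruby-saml (1.7.0)

  DEPENDENCIES
    omniauth-saml (~> 1.9)
LOCK

puts unpatched_versions(SAMPLE_LOCK).map(&:to_s).inspect if __FILE__ == $PROGRAM_NAME
```

To check a real project, pass `File.read("Gemfile.lock")` to `unpatched_versions`; an empty result means every resolved omniauth-saml version is in the patched range.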
