Cloud Foundry Logo
blog single gear
Blog
Security Advisory

VU#475445: SAML Authentication Bypass

by: February 27, 2018

VU#475445: SAML Authentication Bypass

Severity

Medium/Advisory

Vendor

Duo Security

Description

Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Affected Cloud Foundry Products and Versions

  • The Cloud Foundry team has determined that the UAA project is not exposed to this vulnerability and therefore does not require any upgrades.

References

History

2018-02-27: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-3185-1: libXpm vulnerability
Security Advisory

USN-3185-1: libXpm vulnerability

by Cloud Foundry Foundation Security Team March 17, 2017
USN-4192-1: ImageMagick vulnerabilities
Security Advisory

USN-4192-1: ImageMagick vulnerabilities

by Cloud Foundry Foundation Security Team November 18, 2019
USN-5472-1: FFmpeg vulnerabilities
Security Advisory

USN-5472-1: FFmpeg vulnerabilities

by Cloud Foundry Foundation Security Team July 28, 2022
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept