SAML Remote Authentication Vulnerabilities

A series of vulnerabilities has been discovered in software that implements Security Assertion Markup Language (SAML), an XML-based language most often used for single sign-on (SSO) between an identity provider and the service providers that trust it.

Several SAML implementations do not read the text content of an XML element correctly: when the element contains an XML comment, the library returns only the text that precedes the comment. XML digital signatures are computed over a canonicalised form of the document, and with the commonly used canonicalisation method comments are not part of that form, so inserting a comment does not invalidate the signature. A remote attacker who holds an ordinary account at the identity provider can therefore take a response that was legitimately signed for their own account, insert a comment into the NameID (for example splitting "user@example.com.attacker-domain" so that only "user@example.com" is read), and present it to the service provider. The signature still verifies, but the service provider reads a different identity than the one the identity provider signed, so authentication can be bypassed for the affected service providers.
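The following added example (not code from the original advisory or from any of the vendors listed below) models the bug with the Python standard library only: the signature is computed over the comment-free canonical form, so it stays valid after a comment is inserted, while a "first text node" extractor returns the truncated identity. The assertion, the IdP key, the user names and the HMAC standing in for an RSA XML-DSig signature are all constructed for the example; the victim is user@example.com and the attacker holds an account at the IdP named user@example.com.evil.example (a domain the attacker controls).

```python
"""
Added example (not from the original advisory or any vendor's code): a stdlib-only
model of the SAML comment-injection bug.

Constructed inputs: a minimal SAML assertion, a hypothetical IdP key, and an HMAC
standing in for the RSA signature an XML-DSig Signature element would carry.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Hypothetical IdP signing key; a real IdP signs with an RSA/ECDSA private key.
IDP_KEY = b"hypothetical-idp-signing-key"

# The identity the attacker wants to become, and the account the attacker
# actually holds at the IdP (the attacker controls the evil.example domain).
VICTIM = "user@example.com"
ATTACKER = "user@example.com.evil.example"


def assertion_xml(name_id: str) -> str:
    """Build a minimal, constructed SAML assertion carrying name_id verbatim."""
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}">'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "</saml:Assertion>"
    )


def canonical(xml_text: str) -> bytes:
    """Canonical XML without comments: what the signature covers when the
    XML-DSig canonicalisation transform strips comments (the usual setting)."""
    return ET.canonicalize(xml_text, with_comments=False).encode()


def sign(xml_text: str) -> str:
    """IdP side: sign the canonical form (HMAC as a stand-in for RSA-SHA256)."""
    return hmac.new(IDP_KEY, canonical(xml_text), hashlib.sha256).hexdigest()


def verify(xml_text: str, signature: str) -> bool:
    """SP side: passes for any document with the same canonical form."""
    return hmac.compare_digest(sign(xml_text), signature)


def _name_id_node(xml_text: str):
    doc = minidom.parseString(xml_text)
    return doc.getElementsByTagNameNS(SAML_NS, "NameID")[0]


def name_id_first_text_node(xml_text: str) -> str:
    """Vulnerable extraction: return only the first text node of NameID.
    A comment splits the text into two nodes, so everything after it is lost."""
    return _name_id_node(xml_text).firstChild.data


def name_id_strict(xml_text: str) -> str:
    """Hardened extraction: reject any child that is not character data and
    join every text node, so nothing can split the value."""
    node = _name_id_node(xml_text)
    parts = []
    for child in node.childNodes:
        if child.nodeType not in (child.TEXT_NODE, child.CDATA_SECTION_NODE):
            raise ValueError(f"unexpected {child.nodeName} inside NameID")
        parts.append(child.data)
    return "".join(parts)


def resolve(xml_text: str, signature: str, extractor):
    """Model an SP: verify the signature, then read the NameID with the given
    extractor. Returns the identity the SP would log in, or None if rejected."""
    if not verify(xml_text, signature):
        return None
    try:
        return extractor(xml_text)
    except ValueError:
        return None


# The IdP signs the attacker's own, legitimate assertion ...
LEGIT = assertion_xml(ATTACKER)
SIG = sign(LEGIT)
# ... and the attacker inserts a comment into the NameID before forwarding it.
TAMPERED = assertion_xml("user@example.com<!-- split -->.evil.example")

if __name__ == "__main__":
    print("canonical forms equal:", canonical(LEGIT) == canonical(TAMPERED))
    print("signature still valid:", verify(TAMPERED, SIG))
    print("vulnerable SP logs in:", resolve(TAMPERED, SIG, name_id_first_text_node))
    print("hardened SP logs in:  ", resolve(TAMPERED, SIG, name_id_strict))
```

The hardened extractor rejects the response rather than silently joining the text around the comment; a legitimate identity provider has no reason to put comments inside a NameID, so treating one as tampering is the safer default.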

Affected Platforms

  • Confirmed to be affected:
    • Clever Inc.
    • Duo Security
    • OmniAuth
    • OneLogin
    • Shibboleth Consortium
  • Potentially affected:
    • Cisco
    • GitHub
    • Google
    • Microsoft

Resolution:

Check with the vendor of your SAML service-provider software, or of the SAML library it is built on, and apply any updates.

Consider requiring a second factor at the service provider itself. A second factor enforced only by the identity provider does not help against this attack: the attacker signs in to the identity provider as themselves, completing every factor normally, and tampers with the signed response afterwards.




Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.
