A series of vulnerabilities have been discovered in services that use Security Assertion Markup Language (SAML), an XML-based language which is most often used for single sign-on services.
Some SAML implementations do not read the inner text of XML nodes correctly, meaning that the text is not considered when digitally signing the SAML message. A remote attacker can exploit this behaviour to modify SAML content without invalidating the digital signature. This means that authentication measures can be bypassed for the affected service providers.
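As an added illustration that is not part of this advisory, one way an implementation can misread inner text is when an XML comment splits an element's text into several text nodes: a parser that returns only the first text node sees a different value from the one contained in the canonicalized bytes that the signature covers. The check below (written for this page, using a constructed SAML-like fragment rather than a real assertion) contrasts that naive read with the full text content and shows a hardened read that rejects any NameID whose content is not a single text node.

```python
import xml.dom.minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample fragments (not real assertions). In the first one an
# XML comment splits the NameID text into two text nodes; exclusive C14N
# without comments would sign the concatenated text, so the signature still
# verifies, yet a first-text-node read sees only the prefix.
SAMPLE_SPLIT = (
    f'<Subject xmlns="{SAML_NS}">'
    "<NameID>alice@example.com<!-- -->.example.org</NameID>"
    "</Subject>"
)
SAMPLE_CLEAN = (
    f'<Subject xmlns="{SAML_NS}">'
    "<NameID>alice@example.com</NameID>"
    "</Subject>"
)


def _name_id_element(xml_text):
    doc = xml.dom.minidom.parseString(xml_text)
    return doc.getElementsByTagName("NameID")[0]


def name_id_naive(xml_text):
    """Mirror the misbehaviour: return only the first text child."""
    return _name_id_element(xml_text).firstChild.data


def name_id_full(xml_text):
    """Concatenate every text child: the value the signed C14N bytes carry."""
    el = _name_id_element(xml_text)
    return "".join(n.data for n in el.childNodes if n.nodeType == n.TEXT_NODE)


def name_id_is_trustworthy(xml_text):
    """True only when NameID holds exactly one text node (no comments,
    no element children), so every reader agrees on its value."""
    children = list(_name_id_element(xml_text).childNodes)
    return len(children) == 1 and children[0].nodeType == children[0].TEXT_NODE


def name_id_strict(xml_text):
    """Hardened read: refuse ambiguous NameID content instead of guessing."""
    if not name_id_is_trustworthy(xml_text):
        raise ValueError("NameID must contain exactly one text node")
    return name_id_full(xml_text)
```

A service provider that reads NameID with `name_id_strict` (or an equivalent check in its own XML library) cannot be steered by content that the signature verifier and the identity reader interpret differently.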
- Confirmed to be affected:
  - Clever Inc.
  - Duo Security
  - Shibboleth Consortium
- Potentially affected:
Check with your SAML service provider and apply any updates.
Consider using two-factor authentication.