SAML Remote Authentication Vulnerabilities

A series of vulnerabilities has been discovered in services that use Security Assertion Markup Language (SAML), an XML-based language most often used for single sign-on (SSO).

Some SAML implementations do not read the inner text of XML nodes correctly, meaning that the text is not considered when digitally signing the SAML message. A remote attacker can exploit this behaviour to modify SAML content without invalidating the digital signature. This means that authentication measures can be bypassed for the affected service providers.
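The defect class described above is a mismatch between what the signature covers (the whole canonicalised element) and what the application reads from it (often only the first text node). The following is an added example, not code from the page or from any of the listed vendors: it contrasts a fragile extraction of a SAML NameID with a strict one that refuses any NameID whose content is not a single text node, using only Python's standard library. Signature verification itself is assumed to be done separately by an XML-DSig library; the two constructed assertions below are unsigned test inputs, and the element names and namespace are the standard SAML 2.0 ones.

```python
from xml.dom import minidom
from xml.dom.minidom import Node

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed test input: a well-formed NameID holding one text node.
SIMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
</saml:Assertion>"""

# Constructed test input: the same identity, but its text content is split
# into two text nodes by an intervening comment node. The canonicalised
# (signed) content is still "alice@example.com"; a reader that only looks at
# the first child node sees something else.
SPLIT_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice<!--c-->@example.com</saml:NameID></saml:Subject>
</saml:Assertion>"""


def _find_name_id(xml_text):
    """Return the single NameID element of an assertion, or raise."""
    doc = minidom.parseString(xml_text)
    name_ids = doc.getElementsByTagNameNS(SAML_NS, "NameID")
    if len(name_ids) != 1:
        raise ValueError("expected exactly one NameID, found %d" % len(name_ids))
    return name_ids[0]


def naive_name_id(xml_text):
    """The fragile pattern: read only the first child node of NameID.

    minidom keeps comment nodes, so text on either side of a comment is
    stored as two separate Text nodes and this function returns only the
    first of them.
    """
    return _find_name_id(xml_text).firstChild.data


def full_text(element):
    """Concatenate every text-node child, which is what canonicalisation
    (and therefore the signature) actually covers for a simple element."""
    return "".join(
        child.data for child in element.childNodes
        if child.nodeType == Node.TEXT_NODE
    )


def strict_name_id(xml_text):
    """Hardened extraction: accept a NameID only if it consists of exactly
    one text node. Mixed content (comments, child elements, CDATA sections
    next to text) is rejected rather than interpreted, so the value the
    application acts on cannot differ from the value that was signed."""
    name_id = _find_name_id(xml_text)
    children = name_id.childNodes
    if len(children) != 1 or children[0].nodeType != Node.TEXT_NODE:
        kinds = [child.nodeType for child in children]
        raise ValueError(
            "NameID must contain exactly one text node; got node types %r" % kinds
        )
    return children[0].data.strip()


def validate_name_id(xml_text):
    """Convenience wrapper returning (accepted, value_or_reason)."""
    try:
        return True, strict_name_id(xml_text)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for label, assertion in (("simple", SIMPLE_ASSERTION), ("split", SPLIT_ASSERTION)):
        print(label, "naive  :", naive_name_id(assertion))
        print(label, "signed :", full_text(_find_name_id(assertion)))
        print(label, "strict :", validate_name_id(assertion))
```

The strict reader deliberately rejects instead of repairing: concatenating the text nodes would give the right answer for this input, but a validator that normalises unexpected structure is harder to reason about than one that only accepts the single shape the identity provider is expected to emit.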

Affected Platforms

  • Confirmed to be affected:
    • Clever Inc.
    • Duo Security
    • OmniAuth
    • OneLogin
    • Shibboleth Consortium
  • Potentially affected:
    • Cisco
    • GitHub
    • Google
    • Microsoft
Check with your SAML service provider and apply any updates.

Consider using two-factor authentication.
