SAML Remote Authentication Vulnerabilities
A series of vulnerabilities has been disclosed in services that use Security Assertion Markup Language (SAML), an XML-based standard most often used for single sign-on.
Several SAML implementations read the inner text of an XML element incorrectly when that text is split into more than one node, for example by an XML comment. The digital signature is computed over the canonicalised XML, and the canonicalisation normally used for XML signatures discards comments, so inserting a comment into a signed attribute such as the NameID does not invalidate the signature; an affected service provider, however, reads only the text before the comment. A remote attacker who can authenticate to the identity provider with their own account can therefore modify the SAML response and be treated as a different user, bypassing authentication at the affected service providers.
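The following Python script is an added example, not code from the original page or from any of the vendors listed below. It uses a constructed, minimal stand-in for the Subject element of a SAML assertion (no real signature is computed) to show the two halves of the problem: the canonical form signed by the identity provider is identical with and without the comment, while a service provider that reads only the first text node of NameID sees a different user. The account names and the helper function names are hypothetical.

```python
# Added example: why an XML comment inside a signed SAML NameID survives
# signature verification yet changes the value a careless service provider reads.
# Requires Python 3.8+ for xml.etree.ElementTree.canonicalize.
import xml.etree.ElementTree as ET
from xml.dom import minidom


def subject_xml(name_id: str) -> str:
    """Constructed stand-in for the <Subject> of a SAML 2.0 assertion."""
    return (
        '<Subject xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<NameID>{name_id}</NameID>"
        "</Subject>"
    )


# Constructed sample data (hypothetical accounts):
# the attacker legitimately owns "user@example.com.evil.com" at the identity
# provider and wants the service provider to log them in as "user@example.com".
HONEST = subject_xml("user@example.com.evil.com")
TAMPERED = subject_xml("user@example.com<!---->.evil.com")  # comment splits the text


def canonical_form(xml_data: str) -> str:
    """Canonical XML without comments, as used for XML-DSig references.

    The comment is discarded, so the bytes that were signed are unchanged
    by the tampering and the signature still verifies.
    """
    return ET.canonicalize(xml_data, with_comments=False)


def _name_id_node(xml_data: str):
    doc = minidom.parseString(xml_data)
    return doc.getElementsByTagName("NameID")[0]


def naive_name_id(xml_data: str) -> str:
    """Vulnerable pattern: read only the first text node of NameID.

    The comment splits the text into two nodes, so only the part before the
    comment is returned.
    """
    return _name_id_node(xml_data).firstChild.nodeValue


def full_text_name_id(xml_data: str) -> str:
    """Safer pattern: concatenate every text and CDATA child, skipping comments."""
    node = _name_id_node(xml_data)
    return "".join(
        child.nodeValue
        for child in node.childNodes
        if child.nodeType in (child.TEXT_NODE, child.CDATA_SECTION_NODE)
    )


def strict_name_id(xml_data: str) -> str:
    """Strictest pattern: reject a NameID containing anything but text.

    Comments, processing instructions and nested elements have no business
    inside an identifier, so refusing them is cheaper than reasoning about
    every parser's behaviour.
    """
    node = _name_id_node(xml_data)
    parts = []
    for child in node.childNodes:
        if child.nodeType not in (child.TEXT_NODE, child.CDATA_SECTION_NODE):
            raise ValueError(f"unexpected node inside NameID: {child.nodeName}")
        parts.append(child.nodeValue)
    return "".join(parts)


if __name__ == "__main__":
    print("signed bytes identical:", canonical_form(HONEST) == canonical_form(TAMPERED))
    print("naive extraction      :", naive_name_id(TAMPERED))
    print("full-text extraction  :", full_text_name_id(TAMPERED))
    try:
        strict_name_id(TAMPERED)
    except ValueError as exc:
        print("strict extraction     : rejected ->", exc)
```

The practical check for an integrator is the middle function: if your SAML library's NameID or attribute accessor behaves like naive_name_id on a comment-split value, it is affected regardless of whether signature verification passes. Rejecting non-text children outright, as strict_name_id does, is the more defensible fix because it does not depend on which DOM or SAX API the library uses internally.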
Affected Platforms
- Confirmed to be affected:
  - Clever Inc.
  - Duo Security
  - OmniAuth
  - OneLogin
  - Shibboleth Consortium
- Potentially affected:
  - Cisco
  - GitHub
  - Microsoft
Resolution:
Check with the vendor of your SAML service provider software or library and apply any updates.
Consider requiring two-factor authentication enforced by the service provider itself. A second factor checked only at the identity provider does not help here, because the attacker logs in to the identity provider legitimately with their own account and tampers with the response afterwards.

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.