Cloud Foundry Logo
blog single gear
Security Advisory

VU#475445: SAML Authentication Bypass

VU#475445: SAML Authentication Bypass

Severity

Medium/Advisory

Vendor

Duo Security

Description

Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Affected Cloud Foundry Products and Versions

  • The Cloud Foundry team has determined that the UAA project is not exposed to this vulnerability and therefore does not require any upgrades.

References

History

2018-02-27: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES