Cloud Foundry Logo
blog single gear
Blog
Security Advisory

VU#475445: SAML Authentication Bypass

by: February 27, 2018

VU#475445: SAML Authentication Bypass

Severity

Medium/Advisory

Vendor

Duo Security

Description

Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Affected Cloud Foundry Products and Versions

  • The Cloud Foundry team has determined that the UAA project is not exposed to this vulnerability and therefore does not require any upgrades.

References

History

2018-02-27: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-4670-1: ImageMagick vulnerabilities
Security Advisory

USN-4670-1: ImageMagick vulnerabilities

by Cloud Foundry Foundation Security Team February 10, 2021
CVE-2019-9893: Dependency on vulnerable version of libseccomp
Security Advisory

CVE-2019-9893: Dependency on vulnerable version of libseccomp

by Cloud Foundry Foundation Security Team August 12, 2019
USN-3117-1: GD library vulnerabilities
Security Advisory

USN-3117-1: GD library vulnerabilities

by Cloud Foundry Foundation Security Team December 19, 2016
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept