identity-saml-sinatra
Fix SAML authentication bypass: incorrect `XPath` selector
Ruby-SAML: the project identity-saml-sinatra does not properly verify the signature of the SAML Response. An unauthenticated attacker who holds any SAML document signed by the IdP can therefore forge a SAML Response/Assertion with arbitrary contents, which allows logging in as an arbitrary user of the vulnerable system.
POST /users/auth/saml/callback HTTP/1.1
Host: gitlab.test.local
[...]
SAMLResponse=PHNhbWxwOlJlc3Bv[...]
CVE: CVE-2024-45409
Weakness: CWE-347
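The defensive point behind the advisory above is that checking a signature is not enough: the Assertion the application consumes must be the very element the verified Signature covers, and every lookup (Reference, DigestValue) must be scoped to that Signature rather than run against the whole document. The following is an added example, not code from identity-saml-sinatra or from ruby-saml; it assumes the cryptographic XML-DSig check has already succeeded elsewhere and only performs the binding checks that sit on top of it. The namespaces are the standard SAML 2.0 and XML-DSig ones; the module name `SamlBinding` and the sample documents are constructed for illustration.

```ruby
require 'rexml/document'

# Added illustration (not the project's code): after the ds:Signature on a SAML
# Response has been cryptographically verified elsewhere, confirm that the
# Assertion we read the NameID from is the element that signature covers.
module SamlBinding
  NS = {
    'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
    'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion',
    'ds'    => 'http://www.w3.org/2000/09/xmldsig#'
  }.freeze

  class BindingError < StandardError; end

  # Returns the NameID of the single Assertion covered by the single Signature,
  # or raises BindingError naming the check that failed.
  def self.signed_name_id(xml)
    root = REXML::Document.new(xml).root

    sigs = REXML::XPath.match(root, '//ds:Signature', NS)
    raise BindingError, 'expected exactly one Signature' unless sigs.size == 1
    sig = sigs.first

    # Scoped lookup: the Reference comes from THIS Signature's SignedInfo, never
    # from a document-wide search that an attacker-supplied node could satisfy.
    refs = REXML::XPath.match(sig, './ds:SignedInfo/ds:Reference', NS)
    raise BindingError, 'expected exactly one Reference' unless refs.size == 1
    uri = refs.first.attributes['URI'].to_s
    raise BindingError, "unsupported Reference URI #{uri.inspect}" unless uri.start_with?('#')
    signed_id = uri[1..]

    signed = REXML::XPath.first(root, "//*[@ID=#{quote(signed_id)}]", NS)
    raise BindingError, "no element with ID #{signed_id}" if signed.nil?

    # SAML signatures are enveloped: the Signature must be a direct child of
    # the element its Reference claims to cover.
    raise BindingError, 'Signature is outside the signed element' unless sig.parent.equal?(signed)

    assertions = REXML::XPath.match(root, '//saml:Assertion', NS)
    raise BindingError, 'expected exactly one Assertion' unless assertions.size == 1
    assertion = assertions.first

    # The Assertion must be the signed element itself or sit inside a signed Response.
    raise BindingError, 'Assertion is not covered by the Signature' unless ancestor_or_self?(assertion, signed)

    name_id = REXML::XPath.first(assertion, './saml:Subject/saml:NameID', NS)
    raise BindingError, 'Assertion has no NameID' if name_id.nil?
    name_id.text.strip
  end

  # nil when the document binds cleanly, otherwise the reason it was rejected.
  def self.rejection_reason(xml)
    signed_name_id(xml)
    nil
  rescue BindingError => e
    e.message
  end

  def self.ancestor_or_self?(node, candidate)
    until node.nil?
      return true if node.equal?(candidate)
      node = node.parent
    end
    false
  end

  def self.quote(id)
    raise BindingError, 'ID contains a quote character' if id.include?("'")
    "'#{id}'"
  end

  # Constructed sample documents; the ds:Signature blocks are skeletal because
  # the cryptographic check is assumed to have been done already.
  SIG_A1 = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>' \
           '<ds:Reference URI="#%s"><ds:DigestValue>constructed</ds:DigestValue></ds:Reference>' \
           '</ds:SignedInfo><ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>'
  HEAD = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' \
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
  SUBJECT = '<saml:Subject><saml:NameID>%s</saml:NameID></saml:Subject>'

  GOOD = HEAD + '<saml:Assertion ID="_a1">' + (SIG_A1 % '_a1') +
         (SUBJECT % 'alice@example.test') + '</saml:Assertion></samlp:Response>'
  # A second, unsigned Assertion placed beside the genuine one is rejected outright.
  TWO_ASSERTIONS = HEAD + '<saml:Assertion ID="_a1">' + (SIG_A1 % '_a1') +
                   (SUBJECT % 'alice@example.test') + '</saml:Assertion>' +
                   '<saml:Assertion ID="_a2">' + (SUBJECT % 'admin@example.test') +
                   '</saml:Assertion></samlp:Response>'
  # The Signature sits inside the Assertion but claims to cover the Response.
  WRONG_URI = HEAD + '<saml:Assertion ID="_a1">' + (SIG_A1 % '_resp1') +
              (SUBJECT % 'alice@example.test') + '</saml:Assertion></samlp:Response>'
end

if __FILE__ == $PROGRAM_NAME
  puts SamlBinding.signed_name_id(SamlBinding::GOOD)
  puts SamlBinding.rejection_reason(SamlBinding::TWO_ASSERTIONS)
  puts SamlBinding.rejection_reason(SamlBinding::WRONG_URI)
end
```

The design choice worth noting is that every XPath after the first is evaluated relative to the one Signature element (`./ds:SignedInfo/...`) and the result is tied back to a concrete node identity (`equal?`), so a document that carries extra Assertions, extra Signatures or a Reference pointing somewhere other than the enveloping element is refused before any attribute is read from it.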