Security advisories

SAML Authentication Vulnerability

February 26, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

Researchers have discovered a vulnerability affecting Single Sign-On (SSO) systems that rely on Security Assertion Markup Language (SAML). SAML is a standard for authenticating end users to web applications. If successfully exploited, an attacker would be able to impersonate a legitimate user and obtain privileged information. There are a variety of different methods and libraries that employ the SAML standard for SSO, requiring a security fix for each affected library. This particular attack requires an attacker to have an account already created. The attacker then modifies their account name to impersonate another individual.

What we’re doing about it

What you should do about it

Additional information

The SAML vulnerability takes advantage of libraries incorrectly parsing commented strings and XML canonicalization for signing authentication tokens. The attackers are able to impersonate a legitimate user without altering the cryptographic signature.

Known Affected Systems:

For an in-depth explanation of the SAML vulnerability see the link below:

https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations

View Most Recent Advisories