Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
CWE-287: Improper Authentication
Security Assertion Markup Language (SAML) is an XML-based markup language for security assertions regarding authentication and permissions, most commonly used for single sign-on (SSO) services.
By modifying SAML content without invalidating the cryptographic signature, a remote, unauthenticated attacker may be able to bypass primary authentication for an affected SAML service provider.
ComponentSpace Pty Ltd
Pivotal Software, Inc.
Danish e-Infrastructure Cooperation (WAYF)
Thanks to Kelby Ludwig of Duo Security for reporting this vulnerability.
This document was written by Garret Wassermann.