GHSA-4mh8-9wq6-rjxg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4mh8-9wq6-rjxg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-4mh8-9wq6-rjxg/GHSA-4mh8-9wq6-rjxg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4mh8-9wq6-rjxg
- Aliases
- Published
- 2023-07-20T18:54:13Z
- Modified
- 2024-02-16T08:22:14.354653Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
- Details
-
Impact
OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the SAMLPOSTProfileServlet servlet.
Patches
This problem has been patched in OpenAM 14.7.3-SNAPSHOT and later
Workarounds
One should comment servlet
SAMLPOSTProfileServletin web.xml or disable SAML in OpenAM<servlet> <description>SAMLPOSTProfileServlet</description> <servlet-name>SAMLPOSTProfileServlet</servlet-name> <servlet-class>com.sun.identity.saml.servlet.SAMLPOSTProfileServlet</servlet-class> </servlet> ... <servlet-mapping> <servlet-name>SAMLSOAPReceiver</servlet-name> <url-pattern>/SAMLSOAPReceiver</url-pattern> </servlet-mapping>References
624
- Database specific
{ "nvd_published_at": "2023-07-20T17:15:10Z", "cwe_ids": [ "CWE-287" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-07-20T18:54:13Z" }- References
-
- https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-4mh8-9wq6-rjxg
- https://nvd.nist.gov/vuln/detail/CVE-2023-37471
- https://github.com/OpenIdentityPlatform/OpenAM/pull/624
- https://github.com/OpenIdentityPlatform/OpenAM/commit/7c18543d126e8a567b83bb4535631825aaa9d742
- https://github.com/OpenIdentityPlatform/OpenAM
Affected packages
Maven / org.openidentityplatform.openam:openam-federation-library
Package
- Name
- org.openidentityplatform.openam:openam-federation-library
- View open source insights on deps.dev
- Purl
- pkg:maven/org.openidentityplatform.openam/openam-federation-library