Authentication Bypass in github.com/russellhaering/gosaml2
Critical severity
GitHub Reviewed
Published
Dec 14, 2020
in
russellhaering/gosaml2
•
Updated Feb 16, 2023
Package
Affected versions
< 0.6.0
Patched versions
0.6.0
Description
Published by the National Vulnerability Database
Dec 14, 2020
Reviewed
May 21, 2021
Published to the GitHub Advisory Database
Feb 11, 2022
Last updated
Feb 16, 2023
Impact
Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed.
Depending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the Identity Provider, or full authentication bypass.
Patches
Service Providers utilizing gosaml2 should upgrade to v0.6.0 or greater.
References