Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00bWg4LTl3cTYtcmp4Z84AA00j
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Impact
OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the SAMLPOSTProfileServlet servlet.
Patches
This problem has been patched in OpenAM 14.7.3-SNAPSHOT and later
Workarounds
One should comment servlet SAMLPOSTProfileServlet
in web.xml or disable SAML in OpenAM
<servlet>
<description>SAMLPOSTProfileServlet</description>
<servlet-name>SAMLPOSTProfileServlet</servlet-name>
<servlet-class>com.sun.identity.saml.servlet.SAMLPOSTProfileServlet</servlet-class>
</servlet>
...
<servlet-mapping>
<servlet-name>SAMLSOAPReceiver</servlet-name>
<url-pattern>/SAMLSOAPReceiver</url-pattern>
</servlet-mapping>
References
#624
Permalink: https://github.com/advisories/GHSA-4mh8-9wq6-rjxgJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00bWg4LTl3cTYtcmp4Z84AA00j
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 10 months ago
Updated: 6 months ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Identifiers: GHSA-4mh8-9wq6-rjxg, CVE-2023-37471
References:
- https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-4mh8-9wq6-rjxg
- https://nvd.nist.gov/vuln/detail/CVE-2023-37471
- https://github.com/OpenIdentityPlatform/OpenAM/pull/624
- https://github.com/OpenIdentityPlatform/OpenAM/commit/7c18543d126e8a567b83bb4535631825aaa9d742
- https://github.com/advisories/GHSA-4mh8-9wq6-rjxg
Blast Radius: 7.1
Affected Packages
maven:org.openidentityplatform.openam:openam-federation-library
Dependent packages: 12Dependent repositories: 6
Downloads:
Affected Version Ranges: < 14.7.3
Fixed in: 14.7.3
All affected versions: 14.5.2, 14.5.3, 14.5.4, 14.6.1, 14.6.2, 14.6.3, 14.6.4, 14.6.5, 14.6.6, 14.7.0, 14.7.1, 14.7.2
All unaffected versions: 14.7.3, 14.7.4, 14.8.1, 14.8.2, 14.8.3, 14.8.4