Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05d3J3LXA5cm0tcjc4Ms4AA8Rx
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
In order to verify Signatures on Logoutrequests and LogoutResponses we use
the verifySignature of the class XMLSecurityKey from the xmlseclibs library.
That method end up calling openssl_verify() depending on the signature algorithm used.
The openssl_verify() function returns 1 when the signature was successfully verified,
0 if it failed to verify with the given key, and -1 in case an error occurs.
PHP allows translating numerical values to boolean implicitly, with the following correspondences:
- 0 equals false.
- Non-zero equals true.
This means that an implicit conversion to boolean of the values returned by openssl_verify()
will convert an error state, signaled by the value -1, to a successful verification of the
signature (represented by the boolean true).
The LogoutRequest/LogoutResponse signature validator was performing an implicit conversion to boolean
of the values returned by the verify() method, which subsequently will return the same output
as openssl_verify() under most circumstances.
This means an error during signature verification is treated as a successful verification by the method.
Since the signature validation of SAMLResponses were not affected, the impact of this security
vulnerability is lower, but an update of the php-saml toolkit is recommended.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05d3J3LXA5cm0tcjc4Ms4AA8Rx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 4 months ago
Updated: 4 months ago
Identifiers: GHSA-9wrw-p9rm-r782
References:
- https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1
- https://github.com/FriendsOfPHP/security-advisories/blob/master/onelogin/php-saml/2017-02-28.yaml
- https://github.com/advisories/GHSA-9wrw-p9rm-r782
Blast Radius: 0.0
Affected Packages
packagist:onelogin/php-saml
Dependent packages: 94Dependent repositories: 483
Downloads: 28,104,567 total
Affected Version Ranges: < 2.10.4
Fixed in: 2.10.4
All affected versions: 2.0.0, 2.1.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.10.2, 2.10.3
All unaffected versions: 2.10.4, 2.10.5, 2.10.6, 2.10.7, 2.11.0, 2.12.0, 2.13.0, 2.14.0, 2.15.0, 2.16.0, 2.17.0, 2.17.1, 2.18.0, 2.18.1, 2.19.0, 2.19.1, 2.20.0, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 4.0.0, 4.0.1, 4.1.0, 4.2.0