SAML vulnerability VU#475445


Overview

Security researchers at Duo Labs and the CERT Coordination Center (CERT/CC) have released advisories detailing a new SAML vulnerability, tracked as VU#475445 (https://www.kb.cert.org/vuls/id/475445). Oomnitza uses the python-saml open source library, which is one of the affected implementations, and is therefore affected by this vulnerability. To resolve the issue, a patch will be deployed to all systems by Monday, March 5, 2018.

Impact

By modifying SAML content without invalidating the cryptographic signature, a remote attacker (one who is not authenticated to the service provider) may be able to bypass primary authentication at service providers built on the affected libraries, including python-saml, which is maintained by OneLogin. In the attack Duo Labs described, the attacker holds an ordinary account at the identity provider and alters the signed response issued for that account, for example by inserting an XML comment into the NameID value, so that the service provider reads a different user identifier while the signature still verifies. Oomnitza has no indication that the vulnerability was exploited against our systems.
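The following is an added illustration of this bug class; it is not Oomnitza's code and not python-saml's code. It uses only the Python standard library and constructed sample data: a bare NameID element stands in for the signed assertion, the stdlib C14N 2.0 writer with comments disabled stands in for the exclusive canonicalization an XML-DSig implementation signs over, and minidom's first-text-node read stands in for the affected libraries' extraction pattern. It shows that the genuine and tampered elements canonicalize to identical bytes (so a signature over one verifies for the other) while a naive extraction returns a truncated identifier.

```python
"""Added illustration of the bug class behind VU#475445 (not Oomnitza's or
python-saml's code).  Standard library only; all sample data is constructed."""
import hashlib
from xml.dom import minidom
from xml.etree import ElementTree

# Constructed sample: a bare NameID element standing in for the signed SAML
# assertion.  The attacker's own IdP account is "victim@example.com.attacker.example";
# the tampered copy differs only by an empty XML comment inside the value.
GENUINE = "<NameID>victim@example.com.attacker.example</NameID>"
TAMPERED = "<NameID>victim@example.com<!---->.attacker.example</NameID>"


def canonical_form(xml_text: str) -> str:
    """Canonicalize without comments.

    XML-DSig signatures are computed over a canonicalized form of the signed
    element, normally exclusive C14N, which omits comments.  The stdlib C14N 2.0
    writer with with_comments=False is used here as a stand-in (assumption):
    both variants yield the same string, so a signature over the genuine
    response also verifies for the tampered one.
    """
    return ElementTree.canonicalize(xml_text, with_comments=False)


def signed_digest(xml_text: str) -> str:
    """SHA-256 of the canonical form; stands in for what the signature covers."""
    return hashlib.sha256(canonical_form(xml_text).encode("utf-8")).hexdigest()


def name_id_vulnerable(xml_text: str) -> str:
    """Vulnerable extraction: read only the first text node of NameID.

    This mirrors the pattern in the affected libraries, where an element's
    .text-style property holds only the characters before the first child
    node, so the comment truncates the identifier to "victim@example.com".
    """
    element = minidom.parseString(xml_text).documentElement
    return element.firstChild.data


def name_id_fixed(xml_text: str) -> str:
    """Hardened extraction: concatenate every text/CDATA child, skipping comments."""
    element = minidom.parseString(xml_text).documentElement
    text_types = (element.TEXT_NODE, element.CDATA_SECTION_NODE)
    return "".join(c.data for c in element.childNodes if c.nodeType in text_types)


def contains_comment(xml_text: str) -> bool:
    """Optional stricter check (a design choice here, not a library API): flag
    any comment node among the element's direct children, since a legitimate
    identity provider response has no reason to carry one."""
    element = minidom.parseString(xml_text).documentElement
    return any(c.nodeType == element.COMMENT_NODE for c in element.childNodes)


if __name__ == "__main__":
    for label, sample in (("genuine", GENUINE), ("tampered", TAMPERED)):
        print(f"{label:9} digest={signed_digest(sample)[:16]}... "
              f"vulnerable={name_id_vulnerable(sample)!r} "
              f"fixed={name_id_fixed(sample)!r} comment={contains_comment(sample)}")
```

Run as a script, it prints the same digest for both samples, the truncated identifier from the vulnerable reader, and the full identifier from the hardened one. The hardened reader is the minimal fix; rejecting responses that contain comment nodes at all is the stricter policy and is cheap to enforce at the service provider.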

Customer Required Action

No action is required on your part. If you have any questions, please contact support@oomnitza.com.

Mitigating The Vulnerability

If possible, we recommend temporarily disabling OneLogin SAML support in the settings until the patch is deployed on March 5, 2018. If that is not possible, system operations engineers can configure a whitelist of accepted networks and domain names to limit who can reach the application's login flow. Note that such a whitelist reduces exposure but does not fix the underlying flaw; only the patch does.

Resources

-  https://duo.com/labs/psa/duo-psa-2017-003
-  https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
-  https://support.onelogin.com/hc/en-us/articles/360001271891
-  https://www.kb.cert.org/vuls/id/475445
-  https://cwe.mitre.org/data/definitions/287.html
-  https://shibboleth.net/community/advisories/secadv_20180112.txt

The Oomnitza Team