SAML Remote Authentication Vulnerabilities

A series of vulnerabilities have been discovered in services that use Security Assertion Markup Language (SAML), an XML-based language which is most often used for single sign-on services.

Threat ID:: CC-2089
Category:
Threat Severity:: Medium
Threat Vector:
Published:: 1 March 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A series of vulnerabilities have been discovered in services that use Security Assertion Markup Language (SAML), an XML-based language which is most often used for single sign-on services.

Threat details

Some SAML implementations do not read the inner text of XML nodes correctly, meaning that the text is not considered when digitally signing the SAML message. A remote attacker can exploit this behaviour to modify SAML content without invalidating the digital signature. This means that authentication measures can be bypassed for the affected service providers.

For further information:

Vulnerability Note VU#475445

Remediation steps

Type	Step
	Check with your SAML service provider and apply any updates. Consider using two-factor authentication.

Last edited: 17 February 2020 12:54 pm