SAML Flaw Allows Attackers Unauthorized Access

Security researchers from Duo Labs, working with the CERT Coordination Center (CERT/CC) at Carnegie Mellon University's Software Engineering Institute, disclosed a vulnerability class affecting multiple implementations of the Security Assertion Markup Language (SAML), the protocol used by most Single Sign-On (SSO) solutions. The flaw is in how the affected libraries extract values such as the NameID from a signed assertion, not in the SAML standard itself: when an XML comment is inserted into the middle of a text node (for example, victim@example.com<!---->.evil.com), XML-DSig canonicalization ignores the comment, so the Identity Provider's signature still verifies, but the library reads only the text before the comment and treats the assertion as belonging to victim@example.com. Exploitation therefore lets an attacker authenticate to a Service Provider as another user without that user's password. The attacker does, however, need an account at the same Identity Provider, with an identifier that can be crafted so that the victim's identifier is a prefix of it; the attacker authenticates legitimately as that account, then alters the signed assertion before the Service Provider consumes it. According to Duo Labs, affected software includes OneLogin python-saml (CVE-2017-11427), OneLogin ruby-saml (CVE-2017-11428), Clever saml2-js (CVE-2017-11429), OmniAuth-SAML (CVE-2017-11430), Shibboleth (CVE-2018-0489), and Duo Network Gateway (CVE-2018-7340). The NJCCIC recommends that users and administrators of SAML-based systems review the advisories published by Duo Labs and CERT/CC and apply software updates as soon as they become available. We also recommend disabling public self-registration on sensitive networks, auditing user accounts for identifiers that embed another user's identifier, and enabling multi-factor authentication. Note that a second factor enforced only at the Identity Provider does not block this attack, since the attacker completes it on their own account; a second factor required by the Service Provider after the assertion is processed does.
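The following added example (not code from Duo Labs, NJCCIC, or any of the affected libraries) reproduces the parsing mismatch described above using only the Python standard library. Real SAML uses XML-DSig with RSA or ECDSA keys; here an HMAC over the canonicalized assertion stands in for the signature, because the canonicalization step, not the key algorithm, is what the bypass exploits. The assertion, the signing key and the example identifiers are all constructed for the demonstration.

```python
"""Comment-in-NameID parsing mismatch: signature still verifies, identity changes."""
import hashlib
import hmac
from xml.dom import minidom
from xml.etree import ElementTree as ET

# Constructed, minimal assertion; not a real IdP message.
TEMPLATE = (
    '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<Subject><NameID>{name_id}</NameID></Subject>'
    '</Assertion>'
)

IDP_KEY = b"constructed-demo-signing-key"  # hypothetical IdP key for the HMAC stand-in

# What the IdP legitimately signed: the attacker's own account.
ORIGINAL = TEMPLATE.format(name_id="victim@example.com.evil.com")
# What the attacker forwards to the SP: the same assertion with an XML comment spliced in.
TAMPERED = TEMPLATE.format(name_id="victim@example.com<!---->.evil.com")


def canonical_digest(xml_text: str) -> bytes:
    """SHA-256 over the C14N form. XML-DSig canonicalizes without comments,
    so a comment inserted into a text node does not change what was signed."""
    canon = ET.canonicalize(xml_data=xml_text, with_comments=False)
    return hashlib.sha256(canon.encode("utf-8")).digest()


def sign(xml_text: str) -> str:
    """Stand-in for the IdP signing step (HMAC over the canonical digest)."""
    return hmac.new(IDP_KEY, canonical_digest(xml_text), hashlib.sha256).hexdigest()


def verify(xml_text: str, signature: str) -> bool:
    """Stand-in for the SP signature check."""
    return hmac.compare_digest(sign(xml_text), signature)


def _name_id_node(xml_text: str):
    doc = minidom.parseString(xml_text)
    return doc.getElementsByTagName("NameID")[0]


def name_id_vulnerable(xml_text: str) -> str:
    """Reads only the first text node, which is what the affected libraries
    effectively did. The comment splits the value into two text nodes, so
    this returns the victim's identifier."""
    return _name_id_node(xml_text).firstChild.nodeValue


def name_id_fixed(xml_text: str) -> str:
    """Concatenates every text child, so a comment cannot truncate the value."""
    node = _name_id_node(xml_text)
    return "".join(c.data for c in node.childNodes if c.nodeType == c.TEXT_NODE)


def run_demo() -> dict:
    """Sign the legitimate assertion, then check the tampered one with both extractors."""
    sig = sign(ORIGINAL)
    return {
        "original_verifies": verify(ORIGINAL, sig),
        "tampered_verifies": verify(TAMPERED, sig),        # True: signature not broken
        "vulnerable_reads": name_id_vulnerable(TAMPERED),  # victim@example.com
        "fixed_reads": name_id_fixed(TAMPERED),            # victim@example.com.evil.com
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The check a practitioner wants from this is the second and third results together: the tampered assertion passes signature verification unchanged, yet the vulnerable extractor hands the application a different user than the one the Identity Provider vouched for. Any SAML consumer whose NameID or attribute extraction behaves like name_id_vulnerable on this input needs the vendor fix; the fixed extractor shows the behaviour a patched library should exhibit.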