Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities

    CVE-2018-7340 (GCVE-0-2018-7340)

    Vulnerability from cvelistv5 – Published: 2019-04-17 14:01 – Updated: 2024-08-05 06:24
    VLAI
    Title
    Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
    Summary
    Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    duo
    References
    Impacted products
    Vendor Product Version
    Duo Security Duo Network Gateway Affected: unspecified , < 1.2.9 (custom)
    Create a notification for this product.
    Credits
    Kelby Ludwig of Duo Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.848Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/475445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Duo Network Gateway",
              "vendor": "Duo Security",
              "versions": [
                {
                  "lessThan": "1.2.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kelby Ludwig of Duo Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T14:01:03.000Z",
            "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
            "shortName": "duo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/475445"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@duo.com",
              "ID": "CVE-2018-7340",
              "STATE": "PUBLIC",
              "TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Duo Network Gateway",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Duo Security"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kelby Ludwig of Duo Security"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
                  "refsource": "MISC",
                  "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/475445",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/475445"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
        "assignerShortName": "duo",
        "cveId": "CVE-2018-7340",
        "datePublished": "2019-04-17T14:01:03.000Z",
        "dateReserved": "2018-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11430 (GCVE-0-2017-11430)

    Vulnerability from cvelistv5 – Published: 2019-04-17 14:00 – Updated: 2024-08-05 18:12
    VLAI
    Title
    Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
    Summary
    OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    duo
    References
    Impacted products
    Vendor Product Version
    OmniAuth OmnitAuth-SAML Affected: unspecified , < 1.9.0 (custom)
    Create a notification for this product.
    Credits
    Kelby Ludwig of Duo Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:39.543Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/475445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OmnitAuth-SAML",
              "vendor": "OmniAuth",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kelby Ludwig of Duo Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T14:00:30.000Z",
            "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
            "shortName": "duo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/475445"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@duo.com",
              "ID": "CVE-2017-11430",
              "STATE": "PUBLIC",
              "TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OmnitAuth-SAML",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OmniAuth"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kelby Ludwig of Duo Security"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
                  "refsource": "MISC",
                  "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/475445",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/475445"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
        "assignerShortName": "duo",
        "cveId": "CVE-2017-11430",
        "datePublished": "2019-04-17T14:00:30.000Z",
        "dateReserved": "2017-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:39.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11429 (GCVE-0-2017-11429)

    Vulnerability from cvelistv5 – Published: 2019-04-17 14:00 – Updated: 2024-08-05 18:12
    VLAI
    Title
    Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
    Summary
    Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    duo
    References
    Impacted products
    Vendor Product Version
    Clever saml2-js Affected: unspecified , < 1.0 (custom)
    Affected: unspecified , < 2.0 (custom)
    Create a notification for this product.
    Credits
    Kelby Ludwig of Duo Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:39.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/475445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "saml2-js",
              "vendor": "Clever",
              "versions": [
                {
                  "lessThan": "1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kelby Ludwig of Duo Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T14:00:08.000Z",
            "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
            "shortName": "duo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/475445"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@duo.com",
              "ID": "CVE-2017-11429",
              "STATE": "PUBLIC",
              "TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "saml2-js",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.0"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Clever"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kelby Ludwig of Duo Security"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
                  "refsource": "MISC",
                  "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/475445",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/475445"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
        "assignerShortName": "duo",
        "cveId": "CVE-2017-11429",
        "datePublished": "2019-04-17T14:00:08.000Z",
        "dateReserved": "2017-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:39.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11428 (GCVE-0-2017-11428)

    Vulnerability from cvelistv5 – Published: 2019-04-17 13:59 – Updated: 2024-08-05 18:12
    VLAI
    Title
    Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
    Summary
    OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    duo
    References
    Impacted products
    Vendor Product Version
    OneLogin Ruby-SAML Affected: unspecified , < 1.6.0 (custom)
    Create a notification for this product.
    Credits
    Kelby Ludwig of Duo Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:39.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/475445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ruby-SAML",
              "vendor": "OneLogin",
              "versions": [
                {
                  "lessThan": "1.6.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kelby Ludwig of Duo Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T13:59:53.000Z",
            "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
            "shortName": "duo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/475445"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@duo.com",
              "ID": "CVE-2017-11428",
              "STATE": "PUBLIC",
              "TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ruby-SAML",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OneLogin"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kelby Ludwig of Duo Security"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
                  "refsource": "MISC",
                  "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/475445",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/475445"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
        "assignerShortName": "duo",
        "cveId": "CVE-2017-11428",
        "datePublished": "2019-04-17T13:59:53.000Z",
        "dateReserved": "2017-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:39.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11427 (GCVE-0-2017-11427)

    Vulnerability from cvelistv5 – Published: 2019-04-17 13:59 – Updated: 2024-08-05 18:12
    VLAI
    Title
    Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
    Summary
    OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    duo
    References
    Impacted products
    Vendor Product Version
    OneLogin PythonSAML Affected: unspecified , < 2.3.0 (custom)
    Create a notification for this product.
    Credits
    Kelby Ludwig of Duo Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:39.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/475445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PythonSAML",
              "vendor": "OneLogin",
              "versions": [
                {
                  "lessThan": "2.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kelby Ludwig of Duo Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T13:59:19.000Z",
            "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
            "shortName": "duo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/475445"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@duo.com",
              "ID": "CVE-2017-11427",
              "STATE": "PUBLIC",
              "TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PythonSAML",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OneLogin"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kelby Ludwig of Duo Security"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
                  "refsource": "MISC",
                  "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/475445",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/475445"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
        "assignerShortName": "duo",
        "cveId": "CVE-2017-11427",
        "datePublished": "2019-04-17T13:59:19.000Z",
        "dateReserved": "2017-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:39.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11424 (GCVE-0-2017-11424)

    Vulnerability from cvelistv5 – Published: 2017-08-24 16:00 – Updated: 2024-08-05 18:12
    VLAI
    Summary
    In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    duo
    References
    URL Tags
    http://www.debian.org/security/2017/dsa-3979 vendor-advisoryx_refsource_DEBIAN
    https://github.com/jpadilla/pyjwt/pull/277 x_refsource_CONFIRM
    Date Public
    2017-06-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:39.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-3979",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3979"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/jpadilla/pyjwt/pull/277"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-06-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-03T18:57:01.000Z",
            "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
            "shortName": "duo"
          },
          "references": [
            {
              "name": "DSA-3979",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3979"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/jpadilla/pyjwt/pull/277"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@duo.com",
              "ID": "CVE-2017-11424",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-3979",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3979"
                },
                {
                  "name": "https://github.com/jpadilla/pyjwt/pull/277",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/jpadilla/pyjwt/pull/277"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
        "assignerShortName": "duo",
        "cveId": "CVE-2017-11424",
        "datePublished": "2017-08-24T16:00:00.000Z",
        "dateReserved": "2017-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:39.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }