{"uuid": "a2a88637-14e4-4d10-89af-ca3d6d045b63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45409", "type": "exploited", "source": "https://t.me/cibsecurity/80327", "content": "\ud83e\udd85 Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors \ud83e\udd85\n\n  Overview   On September 10, 2024, a critical vulnerability, CVE202445409, was identified by ahacker1 of SecureSAML. The vulnerability was then patched in the RubySAML library, which is widely used for implementing SAML Security Assertion Markup Language authorization.   This flaw affects RubySAML versions up to 1.12.2 and between 1.13.0 and 1.16.0 and stems from an incorrect XPath selector that prevents the proper verification of the SAML Response signature. An unauthenticated attacker with access to a signed SAML document from a legitimate identity provider IdP can exploit this vulnerability by forging a SAML Response or Assertion. This allows the attacker to bypass the authentication mechanism and potentially gain unauthorized access to sensitive data and critical systems.   SAML is...\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"CYBLE\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2024-10-15T16:49:25.000000Z"}