CVE-2023-48703

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without defining the enabled key data, the origin of the public key for the signature verification is, unfortunately, not restricted. That means an attacker can sign the SAML assertions themselves and provide the required public key (e.g. an RSA key) directly embedded in the SAML token. Projects still using RobotsAndPencils/go-saml should move to another SAML library or alternatively remove support for SAML from their projects. The vulnerability can likely temporarily be fixed by forking the go-saml project and adding the command line argument `--enabled-key-data` and specifying a value such as `x509` or `raw-x509-cert` when calling the `xmlsec1` binary in the verify function. Please note that this workaround must be carefully tested before it can be used.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/

Configurations

No configuration.

History

06 Mar 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-06 20:15

Updated : 2024-03-06 21:42

NVD link : CVE-2023-48703

Mitre link : CVE-2023-48703

CVE.ORG link : CVE-2023-48703

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

7.5 /10