Duo Finds SAML Vulnerabilities Affecting Multiple Implementations


This blog post by Duo Senior AppSec Engineer Kelby Ludwig describes a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.

Kelby and the rest of the Duo Labs research team identified multiple vendors that were affected by this flaw:

  • OneLogin - python-saml - CVE-2017-11427
  • OneLogin - ruby-saml - CVE-2017-11428
  • Clever - saml2-js - CVE-2017-11429
  • OmniAuth-SAML - CVE-2017-11430
  • Shibboleth - CVE-2018-0489
  • Duo Network Gateway - CVE-2018-7340

We recommend that anyone who relies on SAML-based SSO update any affected software to patch this vulnerability.

Learn more about the vulnerability and SAML in general in the full blog post.