GMS-2023-1886: passport-wsfed-saml2 Signature Bypass vulnerability

Information

Please note that this is not a new disclosure, and is previously reported in our SECURITY-NOTICE.md which we removed in favor of github advisory.

Overview

A vulnerability was found in the validation of a SAML signature. The validation does not ensure that the “Signature” tag is at the proper location inside an “Assertion” tag. This leads to a signature relocation attack where the attacker can corrupt one field of data while maintaining the signature valid. This could allow an authenticated attacker to “remove” one group from the assertion or corrupt another field of an assertion.

Am I affected?

You are affected if you are using the passport-wsfed-saml2 library to version < 3.0.10

How do I fix it?

You may fix this issue by upgrading passport-wsfed-saml2 library to version 3.0.10 or above.

Will the fix impact my users?

This fix patches the library that your application runs, but will not impact your users, their current state, or any existing sessions.