Information on products and software
Title: Authentication bypass vulnerability in multiple SAML libraries
Summary

Multiple SAML libraries contain a flaw that allows authentication to a service provider to be bypassed. The problem stems from the behaviour of the APIs used for XML DOM traversal and canonicalization: an attacker can alter SAML data without invalidating the XML signature.

Improper Authentication (CWE-287: https://cwe.mitre.org/data/definitions/287.html)

Security Assertion Markup Language (SAML) is an XML-based markup language for authentication and authorization, used mainly in SSO (single sign-on) services. In some SAML libraries, the APIs that perform XML DOM traversal and canonicalization handle comments in XML data inconsistently, so XML signature verification may fail to detect tampering with the XML data. As a result, a remote attacker may be able to bypass authentication at a SAML service provider using a tampered SAML message.

Possible impacts: A remote third party may alter the contents of SAML data in a way that does not invalidate the XML signature, and thereby bypass the first stage of authentication at the SAML service provider.
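The inconsistency described above, shown as an added example (not code from the advisory or from any of the affected libraries): a comment-omitting canonicalization hands the signature the same bytes for an assertion with and without a comment inside NameID, while a reader that takes only the first text node sees a different identity. The sample assertion is constructed and carries no Signature element; the hardened reader assumed here refuses any comment inside the signed assertion and joins all text nodes.

```python
import xml.dom.minidom as minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (Signature element omitted; only the NameID read matters).
CLEAN = (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:Subject>'
         '<saml:NameID>alice@example.com</saml:NameID>'
         '</saml:Subject></saml:Assertion>')
# Same assertion with an XML comment splitting the NameID text into two text nodes.
WITH_COMMENT = CLEAN.replace("alice@example.com", "alice@example.<!-- c -->com")


def _name_id(doc):
    return doc.getElementsByTagNameNS(SAML_NS, "NameID")[0]


def naive_name_id(doc_text):
    """The fragile pattern: read only the first text node under NameID."""
    return _name_id(minidom.parseString(doc_text)).firstChild.nodeValue


def _strip_comments(node):
    for child in list(node.childNodes):
        if child.nodeType == child.COMMENT_NODE:
            node.removeChild(child)
        else:
            _strip_comments(child)


def signed_form(doc_text):
    """Approximates what a comment-omitting canonicalization (exclusive C14N, the
    SAML default) hands to the signature: comments are dropped before serializing."""
    doc = minidom.parseString(doc_text)
    _strip_comments(doc.documentElement)
    return doc.documentElement.toxml()


def _has_comment(node):
    if node.nodeType == node.COMMENT_NODE:
        return True
    return any(_has_comment(c) for c in node.childNodes)


def strict_name_id(doc_text):
    """Hardened reader (assumed policy): reject any comment inside the assertion,
    then join every text node so a split value cannot be read partially."""
    doc = minidom.parseString(doc_text)
    assertion = doc.getElementsByTagNameNS(SAML_NS, "Assertion")[0]
    if _has_comment(assertion):
        raise ValueError("comment node inside signed assertion")
    node = _name_id(doc)
    return "".join(c.data for c in node.childNodes if c.nodeType == c.TEXT_NODE)
```

Because signed_form() returns identical output for both documents, a signature over that form verifies for both; only the comment check or the full-text read in strict_name_id() separates them.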
Solution

[Update the software] Operators of SAML service providers that may be affected by this vulnerability should update their software so that it uses the latest version of the SAML library.

Publication Date Feb. 27, 2018, midnight
Registration Date March 2, 2018, 1:45 p.m.
Last Update Oct. 29, 2018, 2:20 p.m.
CVSS3.0: Warning
Score 5
Vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVSS2.0: Warning
Score 6.3
Vector AV:N/AC:M/Au:S/C:C/I:N/A:N
Affected System
(multiple vendors)
(multiple products)
CVE (Common Vulnerabilities and Exposures)
CWE (Common Weakness Enumeration)
Vendor information
Other
Change Log
No. | Changed details | Date of change
1 [2018-03-02] Published | March 2, 2018, 1:45 p.m.
3 [2018-08-22] Reference: added National Vulnerability Database (NVD) (CVE-2018-0489) | Aug. 22, 2018, 2:46 p.m.
4 [2018-10-29] Affected systems: updated; Reference: added Common Vulnerabilities and Exposures (CVE) (CVE-2018-5387); Reference: added National Vulnerability Database (NVD) (CVE-2018-5387) | Oct. 29, 2018, 2:19 p.m.

NVD Vulnerability Information
CVE-2017-11427
Summary

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Publication Date April 17, 2019, 11:29 p.m.
Registration Date Jan. 26, 2021, 1:12 p.m.
Last Update Nov. 21, 2024, 12:07 p.m.
Affected software configurations
Configuration 1 (version bound columns: or higher | or less | more than | less than)
cpe:2.3:a:onelogin:pythonsaml:*:*:*:*:*:*:*:* 2.3.0
Related information, measures and tools
Common Vulnerabilities List
CVE-2017-11428
Summary

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Publication Date April 17, 2019, 11:29 p.m.
Registration Date Jan. 26, 2021, 1:12 p.m.
Last Update Nov. 21, 2024, 12:07 p.m.
Affected software configurations
Configuration 1 (version bound columns: or higher | or less | more than | less than)
cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:* 1.6.0
CVE-2017-11429
Summary

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Publication Date April 17, 2019, 11:29 p.m.
Registration Date Jan. 26, 2021, 1:12 p.m.
Last Update Nov. 21, 2024, 12:07 p.m.
Affected software configurations
Configuration 1 (version bound columns: or higher | or less | more than | less than)
cpe:2.3:a:clever:saml2-js:*:*:*:*:*:*:*:* 2.0
CVE-2017-11430
Summary

OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Publication Date April 17, 2019, 11:29 p.m.
Registration Date Jan. 26, 2021, 1:12 p.m.
Last Update Nov. 21, 2024, 12:07 p.m.
Affected software configurations
Configuration 1 (version bound columns: or higher | or less | more than | less than)
cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:*:*:* 1.9.0
CVE-2018-0489
Summary

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.

Publication Date Feb. 28, 2018, 12:29 a.m.
Registration Date March 1, 2021, 6:37 p.m.
Last Update Nov. 21, 2024, 12:38 p.m.
Affected software configurations
Configuration 1 (version bound columns: or higher | or less | more than | less than)
cpe:2.3:a:shibboleth:xmltooling-c:*:*:*:*:*:*:*:* 1.6.4
Configuration 2 (version bound columns: or higher | or less | more than | less than)
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Configuration 3 (version bound columns: or higher | or less | more than | less than)
cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:* 6.7.0 6.7.2
cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:* 6.6.0 6.6.9
CVE-2018-5387
Summary

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Publication Date July 25, 2018, 12:29 a.m.
Registration Date March 1, 2021, 7:31 p.m.
Last Update Nov. 21, 2024, 1:08 p.m.
Affected software configurations
Configuration 1 (version bound columns: or higher | or less | more than | less than)
cpe:2.3:a:wizkunde:samlbase:*:*:*:*:*:*:*:* 1.4.2