SAMLRaider icon indicating copy to clipboard operation
SAMLRaider copied to clipboard
verified publisher icon CompassSecurity

Support SimpleSAMLphp Nov2019 auth bypass vuln

Open minispooner opened this issue 5 years ago • 3 comments

The popular SAML library SimpleSAMLphp had an auth bypass vuln in Nov 2019 here. This is a novel XSW attack that could be added into SAMLRaider functionality. I was able to manually replicate and exploit the vulnerability in a few vulnerable applications and can walkthrough the specifics. I don't know Java very well though - I'm a python developer. Maybe I can hack up some code and submit a PR to do this myself over Christmas break this year...

minispooner avatar Sep 22 '20 20:09 minispooner

Implemented in https://github.com/CompassSecurity/SAMLRaider/pull/49. Will be available in the next version.

emanuelduss avatar Jan 15 '21 19:01 emanuelduss

Released https://github.com/CompassSecurity/SAMLRaider/releases/tag/v1.3.0.

emanuelduss avatar Jan 15 '21 20:01 emanuelduss

The current implementation does not work. See https://github.com/CompassSecurity/SAMLRaider/pull/49#issuecomment-775958360.

emanuelduss avatar Feb 11 '21 14:02 emanuelduss