CVE-2017-11429 - OpenCVE

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Clever	Saml2-js

Configuration 1 [-]

cpe:2.3:a:clever:saml2-js:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
https://www.kb.cert.org/vuls/id/475445

History

No history.

MITRE

Status: PUBLISHED

Assigner: duo

Published: 2019-04-17T14:00:08

Updated: 2024-08-05T18:12:39.610Z

Reserved: 2017-07-18T00:00:00

Link: CVE-2017-11429

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-17T14:29:00.387

Modified: 2019-10-09T23:22:06.090

Link: CVE-2017-11429

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "saml2-js", "vendor": "Clever", "versions": [{"lessThan": "1.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "2.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Kelby Ludwig of Duo Security"}], "descriptions": [{"lang": "en", "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-17T14:00:08", "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766", "shortName": "duo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"}, {"tags": ["x_refsource_MISC"], "url": "https://www.kb.cert.org/vuls/id/475445"}], "source": {"discovery": "INTERNAL"}, "title": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@duo.com", "ID": "CVE-2017-11429", "STATE": "PUBLIC", "TITLE": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "saml2-js", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "1.0"}, {"affected": "<", "version_affected": "<", "version_value": "2.0"}]}}]}, "vendor_name": "Clever"}]}}, "credit": [{"lang": "eng", "value": "Kelby Ludwig of Duo Security"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287: Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "refsource": "MISC", "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"}, {"name": "https://www.kb.cert.org/vuls/id/475445", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/475445"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:39.610Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/475445"}]}]}, "cveMetadata": {"assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766", "assignerShortName": "duo", "cveId": "CVE-2017-11429", "datePublished": "2019-04-17T14:00:08", "dateReserved": "2017-07-18T00:00:00", "dateUpdated": "2024-08-05T18:12:39.610Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clever:saml2-js:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1B55F7F-28CC-46B5-85C3-1D2A4712EAA1", "versionEndIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."}, {"lang": "es", "value": "Clever saml2-js versi\u00f3n 2.0 y versiones anteriores pueden utilizar incorrectamente los resultados de las API de transversalizaci\u00f3n y canonicalizaci\u00f3n de DOM de XML de tal manera que un atacante pueda manipular los datos SAML sin invalidar la firma criptogr\u00e1fica, lo que permite que el ataque omita la identificaci\u00f3n de los proveedores del servicio SAML."}], "id": "CVE-2017-11429", "lastModified": "2019-10-09T23:22:06.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security@duo.com", "type": "Secondary"}]}, "published": "2019-04-17T14:29:00.387", "references": [{"source": "security@duo.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"}, {"source": "security@duo.com", "tags": ["US Government Resource", "Third Party Advisory"], "url": "https://www.kb.cert.org/vuls/id/475445"}], "sourceIdentifier": "security@duo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "security@duo.com", "type": "Secondary"}]}