Researchers are publishing details today of a new SAML vulnerability that lets an attacker authenticate to a service as another user without knowing that user's password.
The flaw affects SAML (Security Assertion Markup Language), an XML-based standard for exchanging authentication and authorization data between parties, most commonly between an identity provider and the applications that rely on it for single sign-on (SSO).
In a SAML SSO deployment the user's identity lives with a central identity provider (IdP) where the user holds an account; when the user logs in to an enterprise application (the service provider, SP), the application does not check a password itself but accepts a signed SAML response from the IdP that names the authenticated user. Other federated login schemes such as OAuth, OpenID, OpenID Connect, and Facebook Connect follow a broadly similar pattern, but this flaw is specific to how SAML's XML messages are parsed.
The researchers describe it as a design-level flaw rather than a bug in one product: it affects several SSO products and a number of open-source libraries that implement the SP side of SAML-based SSO.
The flaw lies in how these libraries handle XML comments inserted inside a SAML response. The signature on the response is checked over a canonicalized form of the XML from which comments have already been removed, so a comment added after signing does not invalidate the signature; the code that later extracts the username, however, reads the text around the comment differently.
The researchers found that if an attacker places a comment inside the NameID (username) element so that it splits the string in two, some parsers return only the text before the comment. An attacker who registers an account whose username begins with the victim's username, and then splits off their own suffix with a comment, is therefore treated by the application as the victim.
The only precondition is that the attacker holds an account with the same identity provider as the victim, registered under a username the attacker was able to choose.
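The following Python script is an added illustration of the mechanism just described; it is not code from the advisory or from any of the affected libraries. The SAML-shaped message, the account names, the keyed hash standing in for the XML-DSig signature, and the comment-stripping function standing in for exclusive canonicalization (which likewise drops comments before the signed bytes are computed) are all constructed for the example. It shows the attacker's own signed response still verifying after a comment is inserted, a parser that reads only the first text node returning the victim's name, and a hardened extractor rejecting the tampered response.

```python
import hashlib
import hmac
from typing import Optional, Tuple
from xml.dom import minidom

# Everything below is constructed for this example. The message is a cut-down
# SAML-shaped document, a keyed hash stands in for the XML-DSig RSA signature,
# and comment removal stands in for exclusive canonicalization (exc-c14n),
# which also discards comment nodes before the signed bytes are computed.
VICTIM = "user@example.com"
ATTACKER = "user@example.com.evil.com"   # attacker-chosen; extends the victim's name
IDP_KEY = b"constructed-idp-signing-key"  # stand-in for the IdP's private key


def response_for(name_id: str) -> str:
    """What the IdP issues after `name_id` logs in (constructed SAML shape)."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        f"<saml:NameID>{name_id}</saml:NameID>"
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )


def canonicalize(xml_text: str) -> bytes:
    """Drop comment nodes and re-serialize: the comment-removal half of exc-c14n.
    Real c14n also normalizes namespaces and attribute order; comment removal
    is the property this attack depends on."""
    doc = minidom.parseString(xml_text)

    def strip_comments(node) -> None:
        for child in list(node.childNodes):
            if child.nodeType == node.COMMENT_NODE:
                node.removeChild(child)
            else:
                strip_comments(child)

    strip_comments(doc)
    return doc.documentElement.toxml().encode()


def sign(xml_text: str) -> str:
    """IdP-side signing over the canonical bytes (HMAC stands in for RSA)."""
    return hmac.new(IDP_KEY, canonicalize(xml_text), hashlib.sha256).hexdigest()


def signature_valid(xml_text: str, signature: str) -> bool:
    """SP-side check: recompute over the canonical (comment-free) bytes."""
    return hmac.compare_digest(sign(xml_text), signature)


def _name_id_element(xml_text: str):
    return minidom.parseString(xml_text).getElementsByTagName("saml:NameID")[0]


def name_id_vulnerable(xml_text: str) -> str:
    """Vulnerable pattern: return only the first text node under <NameID>.
    A comment splits the content into two text nodes, so the suffix is lost."""
    return _name_id_element(xml_text).firstChild.nodeValue


def name_id_hardened(xml_text: str) -> Optional[str]:
    """Hardened: accept <NameID> only when its sole child is a single text node.
    Comments or any other mixed content cause the response to be rejected (None)."""
    children = _name_id_element(xml_text).childNodes
    if len(children) != 1 or children[0].nodeType != children[0].TEXT_NODE:
        return None
    return children[0].nodeValue


def forge_response() -> Tuple[str, str]:
    """The attack: log in as ATTACKER, then split the NameID with an empty
    comment so everything after VICTIM's name is hidden from a naive parser."""
    legit = response_for(ATTACKER)
    signature = sign(legit)                  # genuinely issued by the IdP for the attacker
    tampered = legit.replace(ATTACKER, f"{VICTIM}<!---->.evil.com")
    return tampered, signature


if __name__ == "__main__":
    tampered, sig = forge_response()
    print("signature still verifies:", signature_valid(tampered, sig))  # True
    print("vulnerable SP logs in as:", name_id_vulnerable(tampered))    # user@example.com
    print("hardened SP accepts:     ", name_id_hardened(tampered))      # None (rejected)
```

The same split appears in other parsers under different names: in lxml, for instance, `element.text` holds only the text before the first child node and the remainder lands in the comment's `.tail`, while Python's default ElementTree parser discards comments and merges the surrounding text, so the outcome depends entirely on which parser the library happens to use. Rejecting any NameID that is not a single text node is the conservative fix; concatenating all text children also works, but is easier to get wrong when the extraction code is shared across parsers.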
The researchers have identified the following SSO vendors and libraries as vulnerable:
OneLogin – python-saml – CVE-2017-11427
OneLogin – ruby-saml – CVE-2017-11428
Clever – saml2-js – CVE-2017-11429
OmniAuth-SAML – CVE-2017-11430
Shibboleth – CVE-2018-0489
Duo Network Gateway – CVE-2018-7340
The researchers recommend disabling public (self-service) registration of accounts on sensitive systems and vetting each user manually, so that an attacker cannot register an account with the internal identity provider and later use it to exploit the flaw.
Alternatively, administrators can configure a whitelist of accepted email address domains to limit who can register. This works because the attacker's username must extend the victim's username: with email-style usernames, the attacker's address necessarily ends in a domain other than the victim's, so it is rejected as long as domains are matched exactly.
Also, remember that this flaw on its own does not defeat two-factor authentication, with one caveat: the second factor must be enforced by the application for the account being impersonated. A second factor checked only at the identity provider does not help, because the attacker passes that check legitimately as themselves before tampering with the signed response.