Passport-wsfed-saml2, Authentication Bypass, CVE-2025-XXXX (High)

How the CVE Works:

This vulnerability stems from improper validation of SAML attributes in passport-wsfed-saml2. Attackers manipulate SAML responses by injecting malicious attributes, tricking the system into granting unauthorized access. The library fails to enforce strict attribute checks, so an attacker can impersonate any user by smuggling forged attributes into an otherwise valid SAML assertion. The bypass abuses the trust relationship between the Identity Provider (IdP) and the Service Provider (SP).

DailyCVE Form:

Platform: Node.js
Version: <=4.6.3
Vulnerability: SAML bypass
Severity: High
Date: May 6, 2025

What Undercode Say:

Exploit:

1. Intercept SAML response via MITM or IdP compromise.
2. Inject malicious attributes (`admin`).
3. Re-sign the response using a stolen or weak certificate.
4. Submit the tampered response to the SP.

Detection:

```bash
grep -r "passport-wsfed-saml2" /path/to/node_modules
npm list passport-wsfed-saml2
```
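
The commands above show that the package is present, but not whether the resolved version falls in the affected range (<=4.6.3). The following is an added example, not part of the original advisory or the library's code, that checks a parsed `package-lock.json` for every direct or transitive copy; the sample lockfile and the `legacy-sso` dependency name are constructed for illustration.

```javascript
const PKG = 'passport-wsfed-saml2';
const LAST_AFFECTED = [4, 6, 3]; // "<=4.6.3" per the advisory above

// Parse "4.6.3" or "4.6.3-beta.1" into [major, minor, patch]; null if unparseable.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // unknown version string (git/tarball): treat as suspect
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 4.6.3
}

// Returns [{ path, version, affected }] for every copy, direct or transitive.
function findInstalls(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
    }
  }
  if (hits.length) return hits; // v2 files also carry "dependencies"; avoid double counting
  // lockfileVersion 1: nested "dependencies" tree
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === PKG) hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
      walk(meta.dependencies, `${path}/`);
    }
  })(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile: patched top-level copy, affected copy under hypothetical "legacy-sso".
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/passport-wsfed-saml2': { version: '4.6.4' },
    'node_modules/legacy-sso/node_modules/passport-wsfed-saml2': { version: '4.6.3' },
  },
};
console.log(findInstalls(sampleLock));
```

To check a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`.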

Mitigation:

1. Upgrade to v4.6.4+:

```bash
npm install passport-wsfed-saml2@4.6.4
```

2. Enforce strict attribute validation:

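```javascript
const { Strategy: WsFedStrategy } = require('passport-wsfed-saml2');
// Option name as given in this advisory; other required strategy options are omitted here
new WsFedStrategy({
  strictAttributeValidation: true
});
```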

3. Log and monitor SAML attributes:

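```javascript
app.post('/saml', (req, res) => {
  // Assumes passport middleware has already authenticated the request and set req.user
  console.log("SAML Attributes:", req.user?.attributes);
  res.sendStatus(204); // end the request so it does not hang
});
```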

Testing:

Use SAML Tracer to inspect responses.

Sources:

Reported By: github.com