zendesk / samlr

Clean room implementation of SAML for Ruby
Apache License 2.0
30 stars, 12 forks

XSW SAML Vulnerability #9

Closed uday-rayala closed 10 years ago

uday-rayala commented 10 years ago

We found out that the samlr library is vulnerable to the XSW attack mentioned here: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf.

I have added a failing test case in the fork I made here https://github.com/uday-rayala/samlr. You can login as one user and pretend to be another user.

I would have gone ahead and fixed this particular test case, but it should be fixed by following the guidelines mentioned in that same article, like returning the same assertion which has been verified by the Signature. This requires a change in the design, so I wanted to discuss with you first how to approach this.
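The attack described above and the fix the reporter proposes, as an added Ruby example that is not samlr's code and not the fork's failing test. The XML Signature is modelled in a deliberately simplified way (a toy canonical form, SHA-256 digest, HMAC over the digest, and a flat `ds:Signature` element with `Reference`, `Digest` and `Value` attributes) because the wrapping flaw is about which element the verifier trusts, not about the cipher. The assertion layout, the `IDP_KEY`, the IDs `a1`/`x1`, the `Extensions` wrapper, and all function names are constructed for this example.

```ruby
# Added example (not samlr code): XML Signature Wrapping (XSW) against a
# SAML-style response, and the fix of reading only the element the
# signature actually covers. The signature scheme is a simplified stand-in.
require 'rexml/document'
require 'openssl'
require 'digest'

SAML = 'urn:oasis:names:tc:SAML:2.0:assertion'
DS   = 'http://www.w3.org/2000/09/xmldsig#'
NS   = { 'saml' => SAML, 'ds' => DS }
IDP_KEY = 'constructed-idp-key'   # stand-in for the IdP's signing key

# Trimmed-down assertion; a real one also carries Issuer, Conditions, etc.
def assertion_xml(id, name)
  %(<Assertion xmlns="#{SAML}" ID="#{id}"><Subject><NameID>#{name}</NameID></Subject></Assertion>)
end

# Toy canonical form (sorted attributes, no insignificant whitespace), standing
# in for C14N. The digest covers exactly this element and nothing around it,
# which is precisely why moving it elsewhere in the document keeps it valid.
def canon(el)
  attrs = el.attributes.map { |k, v| "#{k}=#{v.inspect}" }.sort.join(' ')
  kids  = el.children.map { |c| c.is_a?(REXML::Element) ? canon(c) : c.to_s.strip }.join
  "<#{el.expanded_name} #{attrs}>#{kids}</#{el.expanded_name}>"
end

# IdP side: sign the assertion for +name+ and embed it in a Response.
# Digest = SHA-256 over canon(assertion); Value = HMAC over the digest
# (stand-in for SignedInfo/DigestValue/SignatureValue with an RSA key).
def idp_response(name)
  assertion = assertion_xml('a1', name)
  digest = Digest::SHA256.hexdigest(canon(REXML::Document.new(assertion).root))
  value  = OpenSSL::HMAC.hexdigest('SHA256', IDP_KEY, digest)
  %(<Response xmlns="#{SAML}">#{assertion}) +
    %(<ds:Signature xmlns:ds="#{DS}" Reference="#a1" Digest="#{digest}" Value="#{value}"/></Response>)
end

# Attacker side (XSW): keep the signed assertion byte-for-byte intact so the
# Reference still resolves and the digest still matches, but bury it in a
# wrapper element and put an unsigned assertion for +victim+ in front of it.
def xsw_wrap(response_xml, victim)
  doc = REXML::Document.new(response_xml)
  original  = REXML::XPath.first(doc, '//saml:Assertion', NS).to_s
  signature = REXML::XPath.first(doc, '//ds:Signature', NS).to_s
  %(<Response xmlns="#{SAML}">#{assertion_xml('x1', victim)}) +
    %(<Extensions>#{original}</Extensions>#{signature}</Response>)
end

# SP side, shared by both verifiers below: resolve the Reference, check digest
# and HMAC. Returns the element the signature actually covers, or nil.
def verified_element(doc, key)
  sig = REXML::XPath.first(doc, '//ds:Signature', NS)
  return nil unless sig
  id = sig.attributes['Reference'].to_s.delete_prefix('#')
  return nil unless id.match?(/\A[\w-]+\z/)          # keep the id out of the XPath
  target = REXML::XPath.first(doc, "//*[@ID='#{id}']")
  return nil unless target
  digest = Digest::SHA256.hexdigest(canon(target))
  expect = OpenSSL::HMAC.hexdigest('SHA256', key, digest)
  return nil unless digest == sig.attributes['Digest']
  return nil unless OpenSSL.secure_compare(expect, sig.attributes['Value'].to_s)
  target
end

# Vulnerable pattern: verify, then re-locate "the" assertion with a global
# XPath. On a wrapped document the first //Assertion is the attacker's.
def name_id_vulnerable(xml, key)
  doc = REXML::Document.new(xml)
  return nil unless verified_element(doc, key)
  REXML::XPath.first(doc, '//saml:Assertion/saml:Subject/saml:NameID', NS)&.text
end

# Fixed pattern: the only assertion ever read is the element the signature
# covers, and that element must itself be a SAML Assertion.
def name_id_fixed(xml, key)
  doc = REXML::Document.new(xml)
  signed = verified_element(doc, key)
  return nil unless signed && signed.expanded_name == 'Assertion' && signed.namespace == SAML
  REXML::XPath.first(signed, 'saml:Subject/saml:NameID', NS)&.text
end

if __FILE__ == $PROGRAM_NAME
  legit   = idp_response('alice')        # alice's own, validly signed response
  wrapped = xsw_wrap(legit, 'admin')     # alice replays it, wrapped, as admin
  puts "vulnerable: #{name_id_vulnerable(wrapped, IDP_KEY)}"   # admin
  puts "fixed:      #{name_id_fixed(wrapped, IDP_KEY)}"        # alice
end
```

The vulnerable verifier and the fixed one share the same signature check; the difference is only in what they read afterwards. Beyond returning the signed element, a production verifier should also reject documents that contain more than one Assertion or duplicate ID values, since the wrapped document is malformed from the service provider's point of view and there is no reason to keep processing it.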

cericksen commented 10 years ago

Thank you for identifying this issue. The problem has been fixed in version 2.0.0 of the samlr gem.