oss-sec mailing list archives

Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0


From: Alvaro Hoyos <alvaro.hoyos () onelogin com>
Date: Fri, 24 Jun 2016 12:01:11 -0700 (PDT)

Thanks to Robert Clancy from swrve.com for discovering and responsibly 
reporting this issue.

On Friday, June 24, 2016 at 11:35:34 AM UTC-7, Alvaro Hoyos wrote:

Overview: 
Ruby-saml prior to version 1.3.0 is vulnerable to an XML signature 
wrapping attack. Ruby-saml users must update to version 1.3.0, which 
implements three extra validations to mitigate this kind of attack.

Overall CVSS Score 6.1

Fix: Add extra validations to prevent Signature wrapping attacks [1]

[1] https://github.com/onelogin/ruby-saml

alvaro j hoyos | chief information security officer | 
alvaro.hoyos () onelogin com | +1 415.653.1893 | skype: alvaroonelogin
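
As an added illustration (not part of the advisory above and not ruby-saml's own code), the kind of structural checks that close an XML signature wrapping hole, written against constructed SAML-like samples using Ruby's stdlib REXML. The advisory does not enumerate the three validations that 1.3.0 adds; the checks below (exactly one Assertion, unique ID attributes, each Signature sitting directly on the Response or on that Assertion with a Reference URI naming that parent) are my own choice to match the attack pattern, and the XML samples are constructed. The example assumes that the digests and SignatureValue are cryptographically verified elsewhere; what it shows is why that alone is not enough.

```ruby
require "rexml/document"
require "rexml/xpath"

DS    = "http://www.w3.org/2000/09/xmldsig#"
SAML  = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS    = { "ds" => DS, "saml" => SAML, "samlp" => SAMLP }.freeze

# Structural anti-wrapping checks (illustrative, not ruby-saml's own code).
# They assume the digests and SignatureValue are verified separately; their
# job is to guarantee that the element the signature covers is the element
# whose contents the SP goes on to trust.
def signature_wrapping_errors(xml)
  doc    = REXML::Document.new(xml)
  errors = []

  # Check 1: exactly one Assertion, and it must sit directly under Response.
  top_assertions = REXML::XPath.match(doc, "/samlp:Response/saml:Assertion", NS)
  all_assertions = REXML::XPath.match(doc, "//saml:Assertion", NS)
  unless top_assertions.size == 1 && all_assertions.size == 1
    errors << "expected exactly one Assertion, found #{all_assertions.size}"
  end

  # Check 2: ID attributes must be unique. A wrapped copy that reuses the
  # signed ID lets an ID-based lookup pick the wrong element.
  counts = Hash.new(0)
  REXML::XPath.each(doc, "//*[@ID]") { |e| counts[e.attributes["ID"]] += 1 }
  dups = counts.select { |_, n| n > 1 }.keys
  errors << "duplicated ID: #{dups.join(', ')}" unless dups.empty?

  # Check 3: each Signature must be a direct child of the Response or of that
  # one Assertion, and its Reference URI must point at that same parent.
  signatures = REXML::XPath.match(doc, "//ds:Signature", NS)
  errors << "no Signature found" if signatures.empty?
  signatures.each do |sig|
    signed = sig.parent
    on_response  = signed.equal?(doc.root) && signed.name == "Response" && signed.namespace == SAMLP
    on_assertion = top_assertions.any? { |a| a.equal?(signed) }
    unless on_response || on_assertion
      errors << "Signature on unexpected element <#{signed.expanded_name}>"
      next
    end
    ref = REXML::XPath.first(sig, "ds:SignedInfo/ds:Reference", NS)
    uri = ref && ref.attributes["URI"]
    expected = "##{signed.attributes['ID']}"
    errors << "Reference URI #{uri.inspect} != #{expected.inspect}" unless uri == expected
  end
  errors
end

def accept_response?(xml)
  signature_wrapping_errors(xml).empty?
end

# Constructed sample: a legitimate Response whose single Assertion is signed.
LEGIT = <<~XML
  <samlp:Response xmlns:samlp="#{SAMLP}" xmlns:saml="#{SAML}" xmlns:ds="#{DS}" ID="_r1">
    <saml:Assertion ID="_a1">
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
        <ds:SignatureValue>c2lnbmVk</ds:SignatureValue>
      </ds:Signature>
      <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    </saml:Assertion>
  </samlp:Response>
XML

# Constructed wrapping variant: the signed Assertion is parked inside
# Extensions (the signature still verifies over the element carrying ID _a1)
# while an unsigned Assertion reusing that ID sits where the SP reads Subject.
WRAPPED = <<~XML
  <samlp:Response xmlns:samlp="#{SAMLP}" xmlns:saml="#{SAML}" xmlns:ds="#{DS}" ID="_r1">
    <samlp:Extensions>
      <saml:Assertion ID="_a1">
        <ds:Signature>
          <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
          <ds:SignatureValue>c2lnbmVk</ds:SignatureValue>
        </ds:Signature>
        <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
      </saml:Assertion>
    </samlp:Extensions>
    <saml:Assertion ID="_a1">
      <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
    </saml:Assertion>
  </samlp:Response>
XML

if __FILE__ == $PROGRAM_NAME
  puts "legit:   #{signature_wrapping_errors(LEGIT).inspect}"
  puts "wrapped: #{signature_wrapping_errors(WRAPPED).inspect}"
end
```

Running the script prints an empty error list for LEGIT and three findings for WRAPPED (two Assertions, the duplicated _a1 ID, and a Signature whose parent is not the top-level Assertion). The point of the third check is the one that matters most in practice: an SP that locates the signed element by looking up the Reference URI's ID, verifies it, and then reads user attributes from "the Assertion" by XPath is trusting two different elements; tying the Signature's parent to the element actually consumed removes that gap.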

