A vulnerability was found in Express-saml2 and Samlify (the affected version is unknown). It has been classified as critical. This affects an unknown code of the component XML Signature Wrapper. The manipulation with an unknown input leads to a xml injection vulnerability (User). CWE is classifying the issue as CWE-91. The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. This is going to have an impact on confidentiality, and integrity. The summary by CVE is:

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.

The bug was discovered 09/22/2017. The weakness was published 01/02/2018 (Website). It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2017-1000452 since 01/02/2018. It is possible to initiate the attack remotely. A authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK.

The vulnerability was handled as a non-public zero-day exploit for at least 102 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Name

• Express-saml2
• Samlify

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion