A vulnerability, which was classified as critical, has been found in passport-wsfed-saml2 up to 4.6.2. This issue affects an unknown part of the component WSFed Authentication. The manipulation with an unknown input leads to a improper authentication vulnerability. Using CWE to declare the problem leads to CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Impacted is confidentiality. The summary by CVE is:

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed assertion. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. This issue is patched in version 4.6.3. Use of SAML2 authentication instead of WSFed is a workaround.

The weakness was published 12/13/2022 as GHSA-ppjq-qxhx-m25f. It is possible to read the advisory at github.com. The identification of this vulnerability is CVE-2022-23505 since 01/19/2022. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 4.6.3 eliminates this vulnerability.

Similar entry is available at VDB-111040.

Productinfo

Name

• passport-wsfed-saml2

Version

• 4.6.0
• 4.6.1
• 4.6.2

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion