User impersonation using SAMLv1.x SSO in Open Access Management
CVE-2023-37471

9.1CRITICAL

Key Information:

Vendor

Openidentityplatform

Status
Openam
Vendor
CVE Published:
20 July 2023

What is CVE-2023-37471?

OpenAM, an access management solution by ForgeRock, has a vulnerability that allows attackers to exploit improper validation of SAML response signatures during the SAMLv1.x Single Sign-On process. This flaw permits an attacker to impersonate any OpenAM user, including system administrators, by sending a maliciously crafted SAML response to the SAMLPOSTProfileServlet servlet. It is critical for users to upgrade to OpenAM version 14.7.3-SNAPSHOT or later to rectify this issue. For those unable to upgrade, it is advised to comment out the SAMLPOSTProfileServlet from their pom file to mitigate the risk effectively.

Affected Version(s)

OpenAM < 14.7.3

References

https://github.com/OpenIdentityPlatform/OpenAM/security/a...
x_refsource_CONFIRM
https://github.com/OpenIdentityPlatform/OpenAM/pull/624
x_refsource_MISC
https://github.com/OpenIdentityPlatform/OpenAM/commit/7c1...
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.